Cross-site Scripting Vulnerability (PAN-SA-2013-0002)

Last revised: 07/22/2013


A cross-site scripting vulnerability exists in the web-based device management API browser whereby data provided by the user is echoed back to the user without sanitization. (Ref #50908)

Severity: Medium

This issue affects the management interface of the device where the API browser is exposed.

Products Affected

PAN-OS versions 4.1.12 and earlier; 5.0.5 and earlier.

Available Updates

PAN-OS 4.1.13 and PAN-OS 5.0.6 address this issue.

Workarounds and Mitigations

This issue only affects the web-based device management API browser.


Jungo Katsuyama, NTT Communications