Last revised: 07/22/2013
A cross-site scripting vulnerability exists in the web-based device management API browser whereby data provided by the user is echoed back to the user without sanitization. (Ref #50908)
This issue affects the management interface of the device where the API browser is exposed.
PAN-OS version 4.1.12 and earlier; 5.0.5 and earlier.
PAN-OS 4.1.13 and PAN-OS 5.0.6 address this issue.
This issue only affects the web-based device management API browser.
Jungo Katsuyama, NTT Communications