Last revised: 08/24/2016
A cross-site scripting vulnerability exists in the web interface whereby data provided by the user is stored without sanitization. (Ref 90635) (CVE-2016-2219).
PAN-OS 7.0.1 to PAN-OS 7.0.7
PAN-OS 7.0.8 and later
This issue is available only to authenticated users on the web interface. Palo Alto Networks recommends implementing best practices, only allowing management access to a restricted set of IP address, and dedicating management of the device to the management interface only.
Roman Zaikin, CheckPoint Security Team; Juan Sacco, Exploit Pack