Palo Alto Networks Reflected XSS

Published on
10 Jan 2022


The PAN-OS management web interface has a reflected cross-site scripting (XSS) vulnerability. A remote attacker who can persuade an administrator with an active authenticated session on the firewall management interface to click on a crafted link to that management web interface can run arbitrary JavaScript code in the administrator’s browser and perform administrative actions. PAN-OS 8.1 versions prior to PAN-OS 8.1.16; PAN-OS 9.0 versions prior to PAN-OS 9.0.9 are affected by this bug.


  • Update PAN-OS to the latest version
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment