The earliest recollection of this bug is traced back to PAN-OS 8.1.20 - January 09, 2024.
This bug is fixed in PAN-OS versions 9.1.10, 8.1.20.
A fix was made to address a reflect cross-site scripting (XSS) vulnerability in the PAN-OS web interface that enabled an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performed arbitrary actions in the web interface as the targeted authenticated administrator ( CVE-2021-3052 ).
For more information:
https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-20-addressed-issues
https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-10-addressed-issues