...
The earliest recollection of this bug is traced back to PAN-OS 8.1.20 - January 08, 2024. This bug is fixed in PAN-OS versions 9.1.10, 8.1.20. A fix was made to address a reflect cross-site scripting (XSS) vulnerability in the PAN-OS web interface that enabled an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performed arbitrary actions in the web interface as the targeted authenticated administrator ( CVE-2021-3052 ). For more information: https://docs.paloaltonetworks.com/pan-os/8-1/pan-os-release-notes/pan-os-8-1-addressed-issues/pan-os-8-1-20-addressed-issues https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-release-notes/pan-os-9-1-addressed-issues/pan-os-9-1-10-addressed-issues
Click on a version to see all relevant bugs
Palo Alto Networks Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.