The Addresses Object parser in Palo Alto Networks PAN-OS prior to 5.0.20, 5.1.x prior to 5.1.13, 6.0.x prior to 6.0.15, 6.1.x prior to 6.1.15, 7.0.x prior to 7.0.11, and 7.1.x prior to 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a crafted string.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
paloaltonetworks pan-os |