GlobalProtect Portal Login page in Palo Alto Networks PAN-OS prior to 8.1.4 allows an unauthenticated malicious user to inject arbitrary JavaScript or HTML.
paloaltonetworks pan-os