Palo Alto Networks PAN-OS Addresses Object Parser Injection Vulnerability

Palo Alto Networks PAN-OS is an operating system developed by Palo Alto Networks, Inc. for its firewall appliances. A security vulnerability exists in the Addresses Object parser of Palo Alto Networks PAN-OS, which arises from the program's failure to properly handle single quote characters. A...

Design/Logic Flaw

The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single quote characters, which allows remote authenticated users to conduct XPath injection attacks via a...