A vulnerability exists in PAN-OS Captive Portal that could allow for a cross-site scripting (XSS) attack to be performed against clients viewing the captive portal page when configured in a certain way (Ref #PAN-85238/ CVE-2017-16878)
PAN-OS 8.0.6-h3 and earlier.
Cross Site Scripting in PAN-OS Captive Portal (PAN-SA-2017-0031).
Note: Customers not using the Captive Portal function within PAN-OS are not impacted by this vulnerability.
PAN-OS 8.0.7 and later