Sayali Kulkarni

**Name of the Vulnerable Software and Affected Versions** Palo Alto Networks Expedition Migration tool version 1.1.12 and earlier **Description** The issue is related to a cross-site scripting (XSS) vulnerability that may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. This is due to insufficient protection of the web page structure, which can be exploited by a remote attacker to inject arbitrary JavaScript or HTML code into the loaded web page. **Recommendations** For versions 1.1.12 and earlier, update to a version that addresses this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Expedition Migration tool version 1.1.6 and earlier Palo Alto Networks Migration Tool (affected versions not specified) **Description** The issue allows an authenticated attacker to run arbitrary JavaScript or HTML, potentially enabling cross-site scripting attacks. This could be achieved through a specially crafted link, allowing a remote attacker to perform malicious actions. **Recommendations** For Expedition Migration tool version 1.1.6 and earlier, update to a version later than 1.1.6 to resolve the issue. For Palo Alto Networks Migration Tool, at the moment, there is no information about a newer version that contains a fix for this vulnerability.