PT-2019-2086 · Palo Alto Networks · Palo Alto Networks Expedition Migration Tool

Sayali Kulkarni

Publicado

2019-04-11

Atualizado

2019-04-15

CVE-2019-1574

CVSS v2.0

5.5

Média

Vetor

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Expedition Migration tool version 1.1.12 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability that may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. This is due to insufficient protection of the web page structure, which can be exploited by a remote attacker to inject arbitrary JavaScript or HTML code into the loaded web page.

Recommendations For versions 1.1.12 and earlier, update to a version that addresses this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

BDU:2019-01836

CVE-2019-1574

Produtos afetados

Palo Alto Networks Expedition Migration Tool

PT-2019-2086 · Palo Alto Networks · Palo Alto Networks Expedition Migration Tool

CVE-2019-1574

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6