PT-2019-2086 · Palo Alto Networks · Palo Alto Networks Expedition Migration Tool

Sayali Kulkarni

Published

2019-04-11

Updated

2019-04-15

CVE-2019-1574

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Expedition Migration tool version 1.1.12 and earlier

Description The issue is related to a cross-site scripting (XSS) vulnerability that may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. This is due to insufficient protection of the web page structure, which can be exploited by a remote attacker to inject arbitrary JavaScript or HTML code into the loaded web page.

Recommendations For versions 1.1.12 and earlier, update to a version that addresses this issue, as no specific workaround is provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

BDU:2019-01836

CVE-2019-1574

Affected Products

Palo Alto Networks Expedition Migration Tool

PT-2019-2086 · Palo Alto Networks · Palo Alto Networks Expedition Migration Tool

CVE-2019-1574

Weakness Enumeration

Related Identifiers

Affected Products

References · 6