CVE-2019-1578

Name of the Vulnerable Software and Affected Versions Palo Alto Networks MineMeld versions 0.9.60 and earlier

Description The issue exists due to insufficient protection of the web page structure. It may allow a remote attacker to execute arbitrary JavaScript code in the admin's browser if they can convince an authenticated MineMeld admin to enter malicious input in the MineMeld UI.

Recommendations For versions 0.9.60 and earlier, update to a version that includes the fix for this issue to prevent exploitation. As a temporary workaround, consider restricting access to the MineMeld UI to minimize the risk of exploitation.