PT-2019-2816 · Palo Alto Networks · Palo Alto Networks Traps

Published

2019-06-27

Updated

2019-07-08

CVE-2019-1577

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Palo Alto Networks Traps versions 5.0.5 and earlier

Description The issue is related to incorrect code generation management in Palo Alto Networks Traps, which may allow an authenticated attacker to inject arbitrary JavaScript or HTML. This could enable a remote attacker to execute arbitrary JavaScript or HTML code.

Recommendations For versions 5.0.5 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Code Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-94

Related Identifiers

BDU:2019-02773

CVE-2019-1577

Affected Products

Palo Alto Networks Traps

PT-2019-2816 · Palo Alto Networks · Palo Alto Networks Traps

CVE-2019-1577

Weakness Enumeration

Related Identifiers

Affected Products

References · 6