Palo Alto Networks Security Advisories / CVE-2019-1567

CVE-2019-1567 Stored Cross-Site Scripting in Expedition Migration Tool


047910
Severity 5.4 · MEDIUM
Attack Vector NETWORK
Scope CHANGED
Attack Complexity LOW
Confidentiality Impact LOW
Privileges Required LOW
Integrity Impact LOW
User Interaction REQUIRED
Availability Impact NONE
CVE JSON CSAF
Published 2019-02-28
Updated 2019-02-28
Reference MT-908, PAN-SA-2019-0003
Discovered externally

Description

A stored cross-site scripting (XSS) vulnerability exists in the Palo Alto Networks Migration Tool (“Expedition”). (Ref # MT-908/ CVE-2019-1567)

Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the User Mapping Settings.

This issue affects Expedition 1.1.6 and earlier

Product Status

VersionsAffectedUnaffected
Expedition 1.1<= 1.1.6>= 1.1.7

Severity: MEDIUM

CVSSv3.1 Base Score: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)

Weakness Type

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Solution

Expedition 1.1.7 and later

Workarounds and Mitigations

N/A

Acknowledgments

Palo Alto Networks would like to thank Sayali Kulkarni of Tenable for reporting this issue.
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure PolicyReport vulnerabilitiesManage subscriptions
© 2025 Palo Alto Networks, Inc. All rights reserved.