CVE-2019-1567 Stored Cross-Site Scripting in Expedition Migration Tool
Attack Vector NETWORK
Attack Complexity LOW
Privileges Required LOW
User Interaction REQUIRED
Scope CHANGED
Confidentiality Impact LOW
Integrity Impact LOW
Availability Impact NONE
Published 2019-02-28
Updated 2020-08-25
Reference MT-908 PAN-SA-2019-0003
Discovered externally
Description
A stored cross-site scripting (XSS) vulnerability exists in the Palo Alto Networks Migration Tool (“Expedition”). (Ref # MT-908 / CVE-2019-1567)
Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the User Mapping Settings.
This issue affects Expedition 1.1.6 and earlier.
Product Status
Versions | Affected | Unaffected |
---|---|---|
Expedition 1.1 | <= 1.1.6 | >= 1.1.7 |
Severity: MEDIUM
CVSSv3.1 Base Score: 5.4 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)
Weakness Type
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Solution
Expedition 1.1.7 and later
Workarounds and Mitigations
N/A
Acknowledgments
Palo Alto Networks would like to thank Sayali Kulkarni of Tenable for reporting this issue.