Palo Alto Networks Security Advisories / CVE-2019-1568

CVE-2019-1568 Cross Site Scripting (XSS) in Demisto

047910
Severity 6.1 · MEDIUM
Attack Vector NETWORK
Scope CHANGED
Attack Complexity LOW
Confidentiality Impact LOW
Privileges Required NONE
Integrity Impact LOW
User Interaction REQUIRED
Availability Impact NONE
NVD JSON
Published 2019-05-06
Updated
Reference PAN-SA-2019-0010
Discovered externally

Description

A cross-site scripting (XSS) vulnerability exists in the Palo Alto Networks Demisto. (Ref CVE-2019-1568)

Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.

This issue affects Demisto 4.5 build 40249

Product Status

VersionsAffectedUnaffected
Demisto 4.5>= 40249, < 40589>= 40589

Severity:MEDIUM

CVSSv3.1 Base Score:6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Weakness Type

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Solution

Demisto 4.5 build 40589

Workarounds and Mitigations

N/A

Acknowledgments

Palo Alto Networks would like to thank Mihalis Haatainen and Tomi Lindfors of Optimesys for reporting this issue.
Terms of usePrivacyProduct Security Assurance and Vulnerability Disclosure Policy Report vulnerabilitiesManage subscriptions
© 2023 Palo Alto Networks, Inc. All rights reserved.