CVE-2019-1568 Cross Site Scripting (XSS) in Demisto
Attack Vector NETWORK
Scope CHANGED
Attack Complexity LOW
Confidentiality Impact LOW
Privileges Required NONE
Integrity Impact LOW
User Interaction REQUIRED
Availability Impact NONE
Description
A cross-site scripting (XSS) vulnerability exists in the Palo Alto Networks Demisto. (Ref CVE-2019-1568)
Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.
This issue affects Demisto 4.5 build 40249
Product Status
Versions | Affected | Unaffected |
---|---|---|
Demisto 4.5 | >= 40249, < 40589 | >= 40589 |
Severity:MEDIUM
CVSSv3.1 Base Score:6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Weakness Type
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Solution
Demisto 4.5 build 40589
Workarounds and Mitigations
N/A
Acknowledgments
Palo Alto Networks would like to thank Mihalis Haatainen and Tomi Lindfors of Optimesys for reporting this issue.