A reflected cross-site scripting (XSS) vulnerability exists in Palo Alto Networks MineMeld. (Ref CVE-2019-1578)
This issue affects Open Source Community Supported MineMeld version 0.9.60 and earlier.
AutoFocus-Hosted MineMeld is NOT affected.
| Versions | Affected | Unaffected |
|---|---|---|
| 0.9 | <= 0.9.60 | >= 0.9.62 |
CVSSv3.1 Base Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
This issue is fixed in Open Source Community Supported MineMeld version 0.9.62.
Users of affected versions who can’t upgrade to 0.9.62 or later should set the environment variable DISABLE_NEW_EXTENSIONS=1 in MineMeld service startup to prevent the execution of the vulnerable code.
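To confirm the workaround actually reached the running service rather than only an interactive shell, the following added example (not part of the advisory or of MineMeld) inspects a process's startup environment. It assumes a Linux host with /proc and that you already know the PID of the MineMeld process; the function name `workaround_state` is hypothetical, and because the advisory only specifies the value 1, any other value is reported as not matching.

```shell
#!/bin/sh
# Added example: check whether DISABLE_NEW_EXTENSIONS=1 is present in a
# process environment dump (NUL-separated, the /proc/<pid>/environ format).
# /proc/<pid>/environ reflects the environment the process was started with,
# which is what the workaround ("in MineMeld service startup") requires.
# Prints one of: applied | wrong-value:<v> | missing | unreadable

workaround_state() {
    env_file=$1
    # Reading another user's environ needs the same UID or root.
    [ -r "$env_file" ] || { echo unreadable; return 2; }

    # Split NUL-separated entries into lines and keep the first exact-name
    # match (the anchor avoids matching names that merely end in this string).
    entry=$(tr '\0' '\n' < "$env_file" |
            sed -n '/^DISABLE_NEW_EXTENSIONS=/{p;q;}') || true

    case $entry in
        '')
            echo missing; return 1 ;;
        DISABLE_NEW_EXTENSIONS=1)
            echo applied; return 0 ;;
        *)
            # Set, but not to the value the advisory specifies.
            echo "wrong-value:${entry#DISABLE_NEW_EXTENSIONS=}"; return 1 ;;
    esac
}

# Usage: sh check_workaround.sh <pid-of-minemeld-process>
# (the script name and PID lookup are left to the operator)
[ $# -eq 0 ] || workaround_state "/proc/$1/environ"
```

Run it after restarting the service, since a variable added to the startup configuration only takes effect for newly started processes.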