CVE-2019-1578 Cross Site Scripting (XSS) in MineMeld
A reflected cross-site scripting (XSS) vulnerability exists in Palo Alto Networks MineMeld. (Ref CVE-2019-1578)
This issue affects Open Source Community Supported MineMeld version 0.9.60 and earlier.
AutoFocus-Hosted MineMeld is NOT affected.
|Versions|Affected|Unaffected|
|MineMeld 0.9|<= 0.9.60|>= 0.9.62|
CVSSv3.1 Base Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
This issue is fixed in Open Source Community Supported MineMeld version 0.9.62.
Workarounds and Mitigations
Users of affected versions who can’t upgrade to 0.9.62 or later should set the environment variable DISABLE_NEW_EXTENSIONS=1 in MineMeld service startup to prevent the execution of the vulnerable code.
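To confirm that the fix or the workaround is actually in effect on a host, the following check is an added example and is not code from Palo Alto Networks or the MineMeld project. It assumes a Linux host where the service's environment can be read from /proc/<pid>/environ; the function names are hypothetical, and the operator supplies the installed version and the process ID.

```shell
#!/bin/sh
# Added example: classify a MineMeld install against this advisory.
FIXED_VERSION="0.9.62"   # from the advisory: versions >= 0.9.62 are unaffected

# Succeeds when version $1 is >= FIXED_VERSION (needs a `sort` with -V).
# Anything lower, including the unlisted 0.9.61, is treated as not fixed.
is_fixed_version() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VERSION" ]
}

# Succeeds when the NUL-separated environment block in file $1 (the format
# of /proc/<pid>/environ) holds exactly DISABLE_NEW_EXTENSIONS=1, the value
# the advisory gives. Newlines are dropped first so a newline inside some
# other variable's value cannot fake a matching entry.
has_workaround() {
    tr -d '\n' < "$1" | tr '\000' '\n' | grep -qx 'DISABLE_NEW_EXTENSIONS=1'
}

# Prints "fixed", "mitigated" or "exposed" for version $1 and env file $2.
minemeld_status() {
    if is_fixed_version "$1"; then
        echo "fixed"
    elif has_workaround "$2"; then
        echo "mitigated"
    else
        echo "exposed"
    fi
}

# Demo on constructed environment blocks, so the script runs offline.
demo() {
    d=$(mktemp -d)
    printf 'PATH=/usr/bin\000DISABLE_NEW_EXTENSIONS=1\000' > "$d/with_var"
    printf 'PATH=/usr/bin\000DISABLE_NEW_EXTENSIONS=0\000' > "$d/wrong_value"
    minemeld_status 0.9.60 "$d/with_var"      # workaround present
    minemeld_status 0.9.60 "$d/wrong_value"   # variable set, wrong value
    minemeld_status 0.9.62 "$d/wrong_value"   # upgraded, variable irrelevant
    rm -rf "$d"
}
demo
```

On a live host, call `minemeld_status` with the installed version and the /proc/<pid>/environ path of the running MineMeld process; reading that file requires the process owner or root. The environment is captured at process start, so restart the service after changing its startup configuration and check again.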