{"document":{"category":"csaf_vex","csaf_version":"2.1","notes":[{"category":"summary","text":"Palo Alto Networks PSIRT provided VEX document. This document is autogenerated.","title":"Cross Site Scripting (XSS) in MineMeld"}],"publisher":{"category":"vendor","name":"Palo Alto Networks","namespace":"https://security.paloaltonetworks.com"},"title":"Palo Alto Networks PSIRT provided VEX document: CVE-2019-1578","distribution":{"text":"Copyright © 2024 Palo Alto Networks. All rights reserved.","tlp":{"label":"CLEAR","url":"https://www.first.org/tlp/"}},"tracking":{"current_release_date":"2026-03-11T22:32:00.942Z","generator":{"date":"2026-03-11T22:32:00.942Z","engine":{"name":"Vulnogram","version":"0.0.9"}},"id":"CVE-2019-1578","initial_release_date":"2019-06-27T23:50:00.000Z","revision_history":[{"number":"1","date":"2026-03-11T15:32:00.000Z","summary":"Initial release"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"name":"Palo Alto Networks","category":"vendor","branches":[]}]},"vulnerabilities":[{"cve":"CVE-2019-1578","product_status":{"fixed":["PANW-MineMeld-2"],"known_affected":["PANW-MineMeld-1"]},"notes":[{"category":"description","text":"A reflected cross-site scripting (XSS) vulnerability exists in Palo Alto Networks MineMeld. (Ref CVE-2019-1578)\nA remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser.\nThis issue affects Open Source Community Supported MineMeld version 0.9.60 and earlier.\n\nAutoFocus-Hosted MineMeld is NOT affected."}],"references":[{"category":"external","summary":"NVD - CVE-2019-1578","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-1578"},{"category":"self","summary":"Palo Alto Networks Security Advisory CVE-2019-1578","url":"https://security.paloaltonetworks.com/CVE-2019-1578"}],"threats":[{"category":"impact","description":"A reflected cross-site scripting (XSS) vulnerability exists in Palo Alto Networks MineMeld. (Ref CVE-2019-1578)\nA remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser.\nThis issue affects Open Source Community Supported MineMeld version 0.9.60 and earlier.\n\nAutoFocus-Hosted MineMeld is NOT affected."}],"scores":[{"cvss_v3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE","baseScore":6.1,"baseSeverity":"MEDIUM"},"products":["PANW-MineMeld-1"]}]}]}