CVE-2019-1567Cross-site Scripting in Paloaltonetworks Expedition Migration Tool

CWE-79Cross-site Scripting5 documents5 sources
Severity
5.4MEDIUMNVD
EPSS
0.3%
top 47.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Paloaltonetworks Expedition Migration ToolPalo Alto Networks Expedition Migration ToolPaloalto Expedition
Timeline
PublishedApr 9
Latest updateMay 13

Description

The Expedition Migration tool 1.1.6 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

CVEListV5palo_alto/palo_alto_networks_expedition_migration_toolExpedition 1.1.6 and earlier

🔴Vulnerability Details

2
GHSA
GHSA-597j-8qfw-cjcg: The Expedition Migration tool 12022-05-13
CVEList
CVE-2019-1567: The Expedition Migration tool 12019-04-09

📋Vendor Advisories

1
Palo Alto
Stored Cross-Site Scripting in Expedition Migration Tool2019-02-28

💬Community

1
Bugzilla
CVE-2019-19074 kernel: a memory leak in the ath9k management function in allows local DoS2019-11-21
CVE-2019-1567 — Cross-site Scripting | cvebase