CVE-2019-1571Cross-site Scripting in Paloaltonetworks Expedition

CWE-79Cross-site Scripting4 documents4 sources
Severity
4.8MEDIUMNVD
EPSS
0.4%
top 37.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Paloaltonetworks ExpeditionPalo Alto Networks Expedition Migration ToolPaloalto Pan-os
Timeline
PublishedMar 26
Latest updateMay 14

Description

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages3 packages

CVEListV5palo_alto/palo_alto_networks_expedition_migration_toolExpedition 1.1.8 and earlier
Palo Altopaloalto/pan-os

🔴Vulnerability Details

2
GHSA
GHSA-4qhh-6cpg-6632: The Expedition Migration tool 12022-05-14
CVEList
CVE-2019-1571: The Expedition Migration tool 12019-03-26

📋Vendor Advisories

1
Palo Alto
PAN-SA-2019-0004 Cross-Site Scripting in Expedition Migration Tool2019-03-12
CVE-2019-1571 — Cross-site Scripting | cvebase