CVE-2019-1574 — Cross-site Scripting in Paloaltonetworks Expedition Migration Tool

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 49.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Paloaltonetworks Expedition Migration Tool Palo Alto Networks Expedition Migration Tool Paloalto Expedition

Timeline

PublishedApr 12

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages3 packages

▶NVDpaloaltonetworks/expedition_migration_tool1.1.12

▶CVEListV5palo_alto_networks/expedition_migration_tool1.1.12 and earlier

▶Palo Altopaloalto/expedition

🔴Vulnerability Details

GHSA

GHSA-v4cg-v94x-g3jx: Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1↗2022-05-14

▶

CVEList

CVE-2019-1574: Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1↗2019-04-12

▶

📋Vendor Advisories

Palo Alto

Cross-Site Scripting in Expedition Migration Tool↗2019-04-11

▶