The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/107564 | Third Party Advisory VDB Entry |
https://securityadvisories.paloaltonetworks.com/Home/Detail/142 | Third Party Advisory |
https://www.tenable.com/security/research/tra-2019-13 | Exploit Third Party Advisory |
Configurations
History
No history.
Information
Published : 2019-03-26 22:29
Updated : 2024-02-28 17:08
NVD link : CVE-2019-1569
Mitre link : CVE-2019-1569
CVE.ORG link : CVE-2019-1569
JSON object : View
Products Affected
paloaltonetworks
- expedition
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')