107564

https://securityadvisories.paloaltonetworks.com/Home/Detail/142

https://www.tenable.com/security/research/tra-2019-13

Multiple cross-site scripting (XSS) vulnerability exists in Palo ALto Expedition Migration Tool in versions less than or equal to 1.1.8 due to improper validation of user-supplied input before returning it to users.

  - An authenticated remote attacker may be able to inject arbitrary JavaScript or HTML in the User Mapping settings (CVE-2019-1569).

  - An authenticated remote attacker may be able to inject arbitrary JavaScript or HTML in the LDAP server settings (CVE-2019-1570).

  - An authenticated remote attacker may be able to inject arbitrary JavaScript or HTML in the Radius server settings (CVE-2019-1571).

CVE-2019-1569

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins