CVE-2019-1569

LOW

Description

The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user.

References

http://www.securityfocus.com/bid/107564

https://securityadvisories.paloaltonetworks.com/Home/Detail/142

https://www.tenable.com/security/research/tra-2019-13

Details

Source: MITRE

Published: 2019-03-26

Updated: 2019-03-27

Type: CWE-79

Risk Information

CVSS v2.0

Base Score: 3.5

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 6.8

Severity: LOW

CVSS v3.0

Base Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Impact Score: 2.7

Exploitability Score: 1.7

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:paloaltonetworks:expedition:*:*:*:*:*:*:*:* versions up to 1.1.8 (inclusive)

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
135238Palo Alto Expedition Cross-Site ScriptingNessusService detection
low