Palo Alto Expedition Cross-Site Scripting

medium Nessus Plugin ID 135238

Synopsis

The reported version of Palo Alto Expedition is vulnerable to Cross-Site Scripting.

Description

Multiple cross-site scripting (XSS) vulnerabilities exist in the Palo Alto Expedition Migration Tool in versions less than or equal to 1.1.8 due to improper validation of user-supplied input before it is returned to users.

- An authenticated remote attacker may be able to inject arbitrary JavaScript or HTML in the User Mapping settings (CVE-2019-1569).

- An authenticated remote attacker may be able to inject arbitrary JavaScript or HTML in the LDAP server settings (CVE-2019-1570).

- An authenticated remote attacker may be able to inject arbitrary JavaScript or HTML in the RADIUS server settings (CVE-2019-1571).

Solution

Update to Palo Alto Expedition version 1.1.8 or later.

See Also

https://security.paloaltonetworks.com/PAN-SA-2019-0004

Plugin Details

Severity: Medium

ID: 135238

File Name: pan_sa_2019_0004.nasl

Version: 1.3

Type: remote

Published: 4/7/2020

Updated: 3/19/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS Score Source: CVE-2019-1571

CVSS v3

Risk Factor: Medium

Base Score: 4.8

Temporal Score: 4.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:paloaltonetworks:expedition_migration_tool

Required KB Items: installed_sw/Palo Alto Expedition

Exploit Available: true

Exploit Ease: Exploits are available

Reference Information

CVE: CVE-2019-1569, CVE-2019-1570, CVE-2019-1571