Detections
Analytics
Palo Alto Expedition Cross-Site Scripting (PAN-SA-2019-0003)
medium Nessus Plugin ID 137279
Language:
Synopsis
The reported version of Palo Alto Expedition is vulnerable to Cross-Site Scripting.Description
A cross-site scripting (XSS) vulnerability exists in Palo Alto Expedition Migration Tool in version 1.1.x prior to 1.1.7 due to improper validation of user-supplied input before returning it to users. An authenticated remote attacker may be able to inject arbitrary JavaScript or HTML in the User Mapping settings.Solution
Update to Palo Alto Expedition version 1.1.7 or later.See Also
Plugin Details
Severity: Medium
ID: 137279
File Name: palo_alto_PAN-SA-2019-0003.nasl
Version: 1.2
Type: remote
Family: Palo Alto Local Security Checks
Published: 6/10/2020
Updated: 10/13/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.0
CVSS v2
Risk Factor: Low
Base Score: 3.5
Temporal Score: 2.6
Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS Score Source: CVE-2019-1567
CVSS v3
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4.7
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:paloaltonetworks:expedition_migration_tool
Required KB Items: installed_sw/Palo Alto Expedition
Exploit Ease: No known exploits are available
Patch Publication Date: 2/28/2019
Vulnerability Publication Date: 2/28/2019
Reference Information
CVE: CVE-2019-1567
BID: 107216