CVE-2019-1574

MEDIUM

Palo Alto Networks Expedition Migration <1.1.12 - XSS

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/107900
Various Sources x_refsource_confirm
https://security.paloaltonetworks.com/CVE-2019-1574

Scores

CVSS v3 5.4
EPSS 0.0027
EPSS Percentile 50.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
paloaltonetworks/expedition_migration_tool < 1.1.12
Published Apr 12, 2019
Tracked Since Feb 18, 2026