Stored Cross-Site Scripting in Expedition Migration Tool (PAN-SA-2019-0003)

Last revised: 02/28/2019

Summary

A stored cross-site scripting (XSS) vulnerability exists in the Palo Alto Networks Migration Tool (“Expedition”). (Ref # MT-908/ CVE-2019-1567)

Severity: Low

Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the User Mapping Settings.

Products Affected

Expedition 1.1.6 and earlier

Available Updates

Expedition 1.1.7 and later

Workarounds and Mitigations

N/A

Acknowledgements

Palo Alto Networks would like to thank Sayali Kulkarni of Tenable for reporting this issue.