Cross Site Scripting (XSS) in Demisto (PAN-SA-2019-0010)

Last revised: 05/06/2019

Summary

A cross-site scripting (XSS) vulnerability exists in the Palo Alto Networks Demisto. (Ref CVE-2019-1568)

Severity: Medium

Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.

Products Affected

Demisto 4.5 build 40249

Available Updates

Demisto 4.5 build 40589

Workarounds and Mitigations

N/A

Acknowledgements

Palo Alto Networks would like to thank Mihalis Haatainen and Tomi Lindfors of Optimesys for reporting this issue.