Stored Cross-Site Scripting in Expedition Migration Tool (PAN-SA-2019-0003)

Last revised: 02/28/2019


A stored cross-site scripting (XSS) vulnerability exists in the Palo Alto Networks Migration Tool (“Expedition”). (Ref # MT-908/ CVE-2019-1567)

Severity: Low

Successful exploitation of this issue may allow an authenticated attacker to inject arbitrary JavaScript or HTML in the User Mapping Settings.

Products Affected

Expedition 1.1.6 and earlier

Available Updates

Expedition 1.1.7 and later

Workarounds and Mitigations



Palo Alto Networks would like to thank Sayali Kulkarni of Tenable for reporting this issue.