Palo Alto Networks Security Advisories
CVE-2019-1568 Cross Site Scripting (XSS) in Demisto
Attack Vector NETWORK
Attack Complexity LOW
Privileges Required NONE
User Interaction REQUIRED
Scope CHANGED
Confidentiality Impact LOW
Integrity Impact LOW
Availability Impact NONE
Published 2019-05-06
Updated 2020-09-01
Reference PAN-SA-2019-0010
Discovered externally
Description
A cross-site scripting (XSS) vulnerability exists in Palo Alto Networks Demisto. (Ref CVE-2019-1568)
Successful exploitation of this issue may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML.
This issue affects Demisto 4.5 build 40249.
Product Status
| Versions | Affected | Unaffected |
|---|---|---|
| Demisto 4.5 | >= 40249, < 40589 | >= 40589 |
Severity: MEDIUM
CVSSv3.1 Base Score: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
Weakness Type
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Solution
Demisto 4.5 build 40589
Workarounds and Mitigations
N/A
Acknowledgments
Palo Alto Networks would like to thank Mihalis Haatainen and Tomi Lindfors of Optimesys for reporting this issue.