CVE-2019-1578

Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin’s browser.

CVSS v3 6.1 MEDIUM
CVSS v2.0 4.3 MEDIUM

6.1^/10

CVSS v3 : MEDIUM

Vector : AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability : 2.8 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/bid/109056
https://security.paloaltonetworks.com/CVE-2019-1578
http://www.securityfocus.com/bid/109056
https://security.paloaltonetworks.com/CVE-2019-1578

Configurations

Configuration 1 (hide)

cpe:2.3:a:paloaltonetworks:minemeld:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-07-01 19:15

Updated : 2024-11-21 04:36

NVD link : CVE-2019-1578

Mitre link : CVE-2019-1578

CVE.ORG link : CVE-2019-1578

JSON object : View

Products Affected

paloaltonetworks

minemeld

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2019-1578", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2019-07-01T19:15:11.150", "references": [{"url": "http://www.securityfocus.com/bid/109056", "source": "psirt@paloaltonetworks.com"}, {"url": "https://security.paloaltonetworks.com/CVE-2019-1578", "source": "psirt@paloaltonetworks.com"}, {"url": "http://www.securityfocus.com/bid/109056", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security.paloaltonetworks.com/CVE-2019-1578", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI could execute arbitrary JavaScript code in the admin\u2019s browser."}, {"lang": "es", "value": "La vulnerabilidad de secuencias de comandos entre sitios en la versi\u00f3n 0.9.60 y anterior de MineMeld de Palo Alto Networks puede permitir que un atacante remoto pueda convencer a un administrador de MineMeld autenticado para que ingrese datos maliciosos en la interfaz de usuario de MineMeld y ejecute c\u00f3digo JavaScript arbitrario en el navegador del administrador."}], "lastModified": "2024-11-21T04:36:50.863", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:paloaltonetworks:minemeld:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDB78CED-FB53-4FE9-92A3-355C40B37D3C", "versionEndIncluding": "0.9.60"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@paloaltonetworks.com"}