Palo Alto Networks MineMeld 0.9.60 Cross-site Scripting Vulnerability

Summary

A cross-site scripting vulnerability in Palo Alto Networks MineMeld version 0.9.60 and earlier may allow a remote attacker who is able to convince an authenticated MineMeld admin to type malicious input in the MineMeld UI to execute arbitrary JavaScript code in the admin's browser.

Credit:

The information has been provided by Netskope and Veracode

The original article can be found at:

https://securityadvisories.paloaltonetworks.com/Home/Detail/153


Details

Palo Alto Networks MineMeld is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Vulnerable Systems:
Palo Alto Networks MineMeld 0.9.60

CVE Information:
CVE-2019-1578

Disclosure Timeline:
07/01/2019