发布日期：2019-06-19
更新日期：2019-06-19

受影响系统：

Palo Alto Networks Networks Expedition Migration Tool 1.1.9
Palo Alto Networks Networks Expedition Migration Tool 1.1.8
Palo Alto Networks Networks Expedition Migration Tool 1.1.7
Palo Alto Networks Networks Expedition Migration Tool 1.1.6
Palo Alto Networks Networks Expedition Migration Tool 1.1.5
Palo Alto Networks Networks Expedition Migration Tool 1.1.4
Palo Alto Networks Networks Expedition Migration Tool 1.1.3
Palo Alto Networks Networks Expedition Migration Tool 1.1.2
Palo Alto Networks Networks Expedition Migration Tool 1.1.12
Palo Alto Networks Networks Expedition Migration Tool 1.1.11
Palo Alto Networks Networks Expedition Migration Tool 1.1.10
Palo Alto Networks Networks Expedition Migration Tool 1.1.1
Palo Alto Networks Networks Expedition Migration Tool 1.1
Palo Alto Networks Networks Expedition Migration Tool 1.0.108
Palo Alto Networks Networks Expedition Migration Tool 1.0.107
Palo Alto Networks Networks Expedition Migration Tool 1.0.106

不受影响系统：

Palo Alto Networks Networks Expedition Migration Tool 1.1.13

描述：

---

BUGTRAQ  ID: 107900
CVE(CAN) ID: CVE-2019-1574

Palo Alto Networks Expedition Migration Tool是美国Palo Alto Networks公司的一款安全策略（配置）迁移工具。
Palo Alto Networks Expedition Migration工具1.1.12及更早版本中的跨站点脚本（XSS）漏洞可能允许经过身份验证的攻击者在“设备”视图中运行任意JavaScript或HTML。
攻击者可以利用此问题在受影响站点的上下文中在毫无戒心的用户的浏览器中执行任意脚本代码。这可能允许攻击者窃取基于cookie的身份验证凭据并发起其他攻击。

<*来源：Tenable的Sayali Kulkarni
  
  链接：https://securityadvisories.paloaltonetworks.com/Home/Detail/147
*>

建议：

---

厂商补丁：

Palo Alto Network
-----------------
Palo Alto Network已经为此发布了一个安全公告（(PAN-SA-2019-0009)）以及相应补丁:
(PAN-SA-2019-0009)：Cross-Site Scripting in Expedition Migration Tool
链接：https://securityadvisories.paloaltonetworks.com/Home/Detail/147

补丁下载：

浏览次数：2733
严重程度：0（网友投票）