Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3486: Cross-site Scripting in Juniper Junos

Severity: 3.5 LOW (NVD)
EPSS: 0.4% (top 39.94%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Sep 30 | Latest update May 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configur

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 6.8 | Impact: 2.9

Affected Packages (3 packages)

NVD: juniper/junos 8.5
juniper: juniper/j-web

🔴 Vulnerability Details (1)

GHSA
GHSA-vph7-v96r-wc7m: Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8 (2022-05-02)

💥 Exploits & PoCs (2)

Exploit-DB
Juniper Junos 8.5/9.0 J-Web Interface - '/configuration' Multiple Cross-Site Scripting Vulnerabilities (2009-09-22)
Exploit-DB
Juniper Junos 8.5/9.0 J-Web Interface - '/diagnose' Multiple Cross-Site Scripting Vulnerabilities (2009-09-22)

📋 Vendor Advisories (1)

Juniper
CVE-2009-3486: Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitr (2009-09-30)