Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3487: Cross-site Scripting in Juniper Junos

Severity: 3.5 LOW (NVD)
EPSS: 0.4% (top 39.94%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Sep 30 | Latest update May 2

Description

Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid parameter to scripter.php; (5) the revision parameter in a rollback action to the configuration program; the m[] parameter to the (6) monitor, (7) manage, (8) events, (9) configuration, or (10

CVSS vector

AV:N/AC:M/C:N/I:P/A:N
Exploitability: 6.8 | Impact: 2.9

Affected Packages: 3 packages

NVD: juniper/junos 8.5
juniper: juniper/j-web

🔴 Vulnerability Details (1)

GHSA
GHSA-9w8p-xcg8-8w62: Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8 | 2022-05-02

💥 Exploits & PoCs (2)

Exploit-DB
Juniper Junos 8.5/9.0 J-Web Interface (Multiple Script) 'm[]' Cross-Site Scripting | 2009-09-22
Exploit-DB
Juniper Junos 8.5/9.0 J-Web Interface - 'scripter.php' Multiple Cross-Site Scripting Vulnerabilities | 2009-09-22

📋 Vendor Advisories (1)

Juniper
CVE-2009-3487: Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitr | 2009-09-30