CVE-2012-1038
Published 2013-04-03
Priority P4 · 20 · medium · 4.3 CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.62% (73.0th percentile)
Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5.3, and other unspecified versions before 7.4 and 7.3 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter name.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | networks_mobility_system_software | — | — |
| juniper | networks_mobility_system_software | — | — |
| juniper | networks_mobility_system_software | — | — |
| juniper | networks_mobility_system_software | — | — |
| juniper | networks_mobility_system_software | — | — |
| juniper | networks_mobility_system_software | — | — |
GHSA
ghsa_unreviewed·2022-05-17
CVE-2012-1038 [MEDIUM] CWE-79 GHSA-5vhp-3cj2-xwgm: Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login
Juniper
vendor_juniper·2013-04-03·CVSS 4.3
CVE-2012-1038 [MEDIUM] CWE-79 CVE-2012-1038: Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x b
No detection rules found.
Exploit-DB
Juniper Networks Mobility System Software - '/aaa/wba_login.html' Cross-Site Scripting
exploitdb·2012-06-14
CVE-2012-1038 Juniper Networks Mobility System Software - '/aaa/wba_login.html' Cross-Site Scripting
---
source: https://www.securityfocus.com/bid/54075/info
Mobility System Software is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Mobility System Software versions prior to 7.6.3 and 7.7.1 are vulnerable.
https://www.example.com/aaa/wba_login.html?wbaredirect=wba-dnserror&9f45dâ?>alert(1)22whatever=1
Exploit-DB
Netmechanica NetDecision Dashboard Server - Information Disclosure
exploitdb·2012-02-29
CVE-2012-1464 Netmechanica NetDecision Dashboard Server - Information Disclosure
---
##############################################################################
#
# Title : Netmechanica NetDecision Dashboard Server Information Disclosure
# Vulnerability
# Author : Prabhu S Angadi SecPod Technologies (www.secpod.com)
# Vendor : http://www.netmechanica.com
# Advisory : http://secpod.org/blog/?p=478
# http://secpod.org/advisories/SecPod_Netmechanica_NetDecision_Dashboard_Server_Info_Disc_Vuln.txt
# http://secpod.org/exploits/SecPod_Netmechanica_NetDecision_Dashboard_Server_Info_Disc_PoC.py
# Software : Netmechanica NetDecision Dashboard Server version 1.0
# Date : 05/12/2011
#
###############################################################################
SecPod ID: 1038 05/12/2011 Issue Discovered
No writeups or analysis indexed.
http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-06-611&viewMode=view
http://www.secureworks.com/advisories/swrx-2012-004/SWRX-2012-004.pdf
http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-004/
Published: 2013-04-03