CVE-2012-5460

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 50.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper IVE OS

Timeline

PublishedAug 1

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDjuniper/ive_os7.1, 7.2, 7.3+2

🔴Vulnerability Details

GHSA

GHSA-5cmx-jcm8-6c7m: Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7↗2022-05-17

▶

CVEList

CVE-2012-5460: Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7↗2013-07-31

▶

📋Vendor Advisories

Juniper

CVE-2012-5460: Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x befor↗2013-08-01

▶