CVE-2013-6956

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

2.1LOW

EPSS

0.2%

top 56.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper IVE OS

Timeline

PublishedDec 13

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDjuniper/ive_os4 versions+3

🔴Vulnerability Details

GHSA

GHSA-22h9-hghr-3qx7: Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN)↗2022-05-17

▶

CVEList

CVE-2013-6956: Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN)↗2013-12-13

▶

📋Vendor Advisories

Juniper

CVE-2013-6956: Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN)↗2013-12-13

▶