CVE-2014-2291

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

3.5LOW

EPSS

0.2%

top 56.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper IVE OS

Timeline

PublishedMar 14

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 6.8 | Impact: 2.9

Affected Packages1 packages

▶NVDjuniper/ive_os4 versions+3

🔴Vulnerability Details

GHSA

GHSA-48mm-gw49-vvgc: Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL↗2022-05-17

▶

CVEList

CVE-2014-2291: Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL↗2014-03-14

▶

💥Exploits & PoCs

Exploit-DB

Intel Network Adapter Diagnostic Driver - IOCTL Handling↗2015-03-14

▶

📋Vendor Advisories

Juniper

CVE-2014-2291: Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL↗2014-03-14

▶