CVE-2014-2712 — Cross-site Scripting in Juniper Junos

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 46.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Juniper J-web Juniper Junos OS

Timeline

PublishedApr 14

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDjuniper/junos8 versions+7

▶juniperjuniper/junos_os

▶juniperjuniper/j-web

🔴Vulnerability Details

GHSA

GHSA-84fm-2q9v-55qr: Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10↗2022-05-17

▶

📋Vendor Advisories

Juniper

CVE-2014-2712: Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X↗2014-04-14

▶