CVE-2014-3820

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

4.3MEDIUM

EPSS

0.3%

top 45.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Pulse Access Control Service Juniper Junos Pulse Secure Access Service

Timeline

PublishedSep 29

Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

▶NVDjuniper/junos_pulse_secure_access_service19 versions+18

▶NVDjuniper/junos_pulse_access_control_service9 versions+8

🔴Vulnerability Details

GHSA

GHSA-6g26-h884-xwv8: Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS↗2022-05-17

▶

CVEList

CVE-2014-3820: Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS↗2014-09-29

▶

📋Vendor Advisories

Juniper

CVE-2014-3820: Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS↗2014-09-29

▶