CVE-2016-4923 — Cross-site Scripting in Networks Junos OS

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.3%

top 44.25%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos Juniper J-web +1 more

Timeline

PublishedOct 13

Latest updateMay 13

Description

Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to inject web script or HTML and steal sensitive data and credentials from a J-Web session and to perform administrative actions on the Junos device. Juniper SIRT is not aware of any malicious exploitation of this vulnerability. Affected releases are Juniper Networks Junos OS 11.4 prior to 11.4R13-S3; 12.1X44 prior to 12.1X44-D60; 12.1X46 prior to 12.1X…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

▶CVEListV5juniper_networks/junos_os13 versions+12

▶NVDjuniper/junos13 versions+12

▶juniperjuniper/junos_os

▶juniperjuniper/j-web

🔴Vulnerability Details

GHSA

GHSA-8p6g-483j-rff7: Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to in↗2022-05-13

▶

📋Vendor Advisories

Juniper

CVE-2016-4923: Insufficient cross site scripting protection in J-Web component in Juniper Networks Junos OS may potentially allow a remote unauthenticated user to in↗2017-10-13

▶