CVE-2017-10612 — Cross-site Scripting in Juniper Junos Space

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

8.0HIGHNVD

EPSS

0.4%

top 39.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Space Juniper Networks Junos Space

Timeline

PublishedOct 13

Latest updateMay 13

Description

A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_spaceversions prior to 17.1R1

▶NVDjuniper/junos_space16.1r3

🔴Vulnerability Details

GHSA

GHSA-j8cv-m38f-wj28: A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javas↗2022-05-13

▶

CVEList

Junos Space: Persistent Cross site scripting in Junos Space↗2017-10-13

▶

📋Vendor Advisories

Juniper

CVE-2017-10612: A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javas↗2017-10-13

▶