CVE-2017-2307 — Cross-site Scripting in Juniper Junos Space

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 52.96%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Junos Space Juniper Networks Junos Space

Timeline

PublishedMay 30

Latest updateMay 17

Description

A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_spaceversions prior to 16.1R1

▶NVDjuniper/junos_space15.2

🔴Vulnerability Details

GHSA

GHSA-m4vv-qmvm-gq28: A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16↗2022-05-17

▶

CVEList

CVE-2017-2307: A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16↗2017-05-30

▶

📋Vendor Advisories

Juniper

CVE-2017-2307: A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remo↗2017-05-30

▶