CVE-2017-2338

Severity: 5.4 MEDIUM
EPSS: 0.2% (top 56.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 17; Latest update May 17

Description

A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user with the 'security' role to inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Junip

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.7 | Impact: 6.0

Affected Packages (2 packages)

CVEListV5: juniper_networks/screenos, 6.3.0 prior to 6.3.0r24
NVD: juniper/screenos, 6.3.0

🔴 Vulnerability Details (2)

GHSA
GHSA-pw6c-8vcv-7fmm: A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user w (2022-05-17)
CVEList
ScreenOS: XSS vulnerability in ScreenOS Firewall (2017-07-14)

📋 Vendor Advisories (1)

Juniper
CVE-2017-2338: A persistent cross site scripting vulnerability in NetScreen WebUI of Juniper Networks Juniper NetScreen Firewall+VPN running ScreenOS allows a user w (2017-07-17)

💬 Community (1)

Bugzilla
CVE-2017-9461 samba: fd_open_atomic infinite loop due to wrong handling of dangling symlinks (2017-06-07)