CVE-2018-0011

Severity: 5.4 MEDIUM
EPSS: 0.2% (top 61.62%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jan 10; Latest update May 13

Description

A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_space | All | 17.2R1
NVD | juniper/junos_space | 6 versions +5

Patches

🔴 Vulnerability Details (2)

GHSA: GHSA-mx48-xhq2-6v77: A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and (2022-05-13)
CVEList: Junos Space: Reflected XSS vulnerability in Junos Space management interface (2018-01-10)

💥 Exploits & PoCs (3)

Exploit-DB: NUUO NVRMini2 3.8 - 'cgi_system' Buffer Overflow (Enable Telnet) (2018-09-18)
Exploit-DB: VMware NSX SD-WAN Edge < 3.1.2 - Command Injection (2018-07-02)
Exploit-DB: BMC BladeLogic 8.3.00.64 - Remote Command Execution (2018-01-26)

📋 Vendor Advisories (1)

Juniper: CVE-2018-0011: A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and (2018-01-10)