CVE-2018-0047

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 45.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos Space Security DirectorJuniper Junos Space
Timeline
PublishedOct 10
Latest updateMay 13

Description

A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

CVEListV5juniper_networks/junos_space_security_directorunspecified17.2R2
NVDjuniper/junos_space7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-jfhr-wvwp-h8r9: A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject pers2022-05-13
CVEList
Junos Space Security Director: XSS vulnerability in web administration2018-10-10

📋Vendor Advisories

1
Juniper
CVE-2018-0047: A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject pers2018-10-10
CVE-2018-0047 (MEDIUM CVSS 5.4) | A persistent cross-site scripting v | cvebase.io