CVE-2018-0059

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources

Severity

5.4MEDIUM

EPSS

0.1%

top 67.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Screenos Juniper Netscreen Screenos

Timeline

PublishedOct 10

Latest updateMay 13

Description

A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5juniper_networks/screenos6.3.0 — 6.3.0r26

▶NVDjuniper/netscreen_screenos27 versions+26

🔴Vulnerability Details

GHSA

GHSA-rxwg-m244-vxc3: A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script↗2022-05-13

▶

CVEList

ScreenOS: Stored Cross-Site Scripting (XSS) vulnerability↗2018-10-10

▶

💥Exploits & PoCs

Exploit-DB

Microsoft Edge Chakra JIT - Parameter Scope Parsing Type Confusion↗2018-08-17

▶

📋Vendor Advisories

Juniper

CVE-2018-0059: A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script↗2018-10-10

▶