CVE-2019-0018
published 2019-01-15CVE-2019-0018: A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and…
medium5.4CVSS 3.0
AVNACLPRLUIRSCCLILAN
A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | advanced_threat_prevention | >= 5.0.0 < 5.0.3 | 5.0.3 |
| juniper_networks | juniper_atp | >= 5 < 5.0.3 | 5.0.3 |
| linux | linux_kernel | >= 0 < 6.8.11-1 | 6.8.11-1 |