CVE-2019-0023

CWE-79Cross-site Scripting (XSS)20 documents6 sources
Severity
5.4MEDIUM
EPSS
0.3%
top 46.10%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Juniper ATPJuniper Advanced Threat Prevention
Timeline
PublishedJan 15
Latest updateMay 13

Description

A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5juniper_networks/juniper_atp5.05.0.3

Patches

Patch: kb.juniper.netPatch: kb.juniper.net

🔴Vulnerability Details

2
GHSA
GHSA-5gxc-qhvh-x4f3: A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and2022-05-13
CVEList
Juniper ATP: Persistent Cross-Site Scripting vulnerability in the Golden VM menu2019-01-15

💥Exploits & PoCs

15
Exploit-DB
Adobe Acrobat Reader DC - Heap-Based Memory Corruption due to Malformed TTF Font2019-12-11
Exploit-DB
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed JBIG2Globals Stream2019-11-11
Exploit-DB
Adobe Acrobat Reader DC for Windows - Use of Uninitialized Pointer due to Malformed OTF Font (CFF Table)2019-11-11
Exploit-DB
Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream (2)2019-10-21
Exploit-DB
Adobe Acrobat Reader DC for Windows - Use-After-Free due to Malformed JP2 Stream2019-08-15

📋Vendor Advisories

2
VMware
VMware Workstation and Horizon View Agent updates address a DLL-hijacking issue (CVE-2019-5539)2019-12-20
Juniper
CVE-2019-0023: A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and2019-01-15
CVE-2019-0023 (MEDIUM CVSS 5.4) | A persistent cross-site scripting ( | cvebase.io