CVE-2019-0023
published 2019-01-15CVE-2019-0023: A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal…
medium5.4CVSS 3.0
AVNACLPRLUIRSCCLILAN
A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| juniper | advanced_threat_prevention | >= 5.0.0 < 5.0.3 | 5.0.3 |
| juniper_networks | juniper_atp | >= 5.0 < 5.0.3 | 5.0.3 |