CVE-2021-31355Cross-site Scripting in Networks Junos OS

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.4MEDIUMNVD
CNA8.0
EPSS
0.3%
top 44.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedOct 19
Latest updateMay 24

Description

A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper Networks Junos OS: All versions, including the following supported releases: 12.3X48 versions prior t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

CVEListV5juniper_networks/junos_os12.3X4812.3X48-D105+12
NVDjuniper/junos13 versions+12

Patches

Patch: kb.juniper.netPatch: kb.juniper.net

🔴Vulnerability Details

2
GHSA
GHSA-w7x3-wr5v-vqm4: A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote a2022-05-24
CVEList
Junos OS: Stored Cross-Site Scripting (XSS) vulnerability in captive portal2021-10-19

📋Vendor Advisories

1
Juniper
CVE-2021-31355: A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote a2021-10-19
CVE-2021-31355 — Cross-site Scripting | cvebase