CVE-2021-31373: Improper Input Validation in Networks Junos OS

Severity
NVD: 5.4 MEDIUM
CNA: 8.0
EPSS: 0.3% (top 48.54%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Oct 19
Latest update: May 24

Description

A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions. This issue affects: Juniper Networks Junos OS on SRX Series: 18.2 versions prior to 18.2R3-S8; 18.3 versions pr

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5 | juniper_networks/junos_os | 18.2 | 18.2R3-S8 | +9
NVD | juniper/junos | 10 versions | +9

🔴 Vulnerability Details (2)

GHSA
GHSA-g7w8-c4q4-2ch4: A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated use | 2022-05-24
CVEList
Junos OS: SRX Series: Persistent XSS vulnerability in J-Web | 2021-10-19

📋 Vendor Advisories (1)

Juniper
CVE-2021-31373: A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated use | 2021-10-19