CVE-2022-22181 — Cross-site Scripting in Networks Junos OS

CWE-79 — Cross-site Scripting4 documents4 sources

Severity

5.4MEDIUMNVD

CNA8.0

EPSS

0.8%

top 25.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos OS Juniper Junos

Timeline

PublishedApr 14

Latest updateApr 15

Description

A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malicious scripts reflected off J-Web to the victim's browser in the context of their session within J-Web. This may allow the attacker to gain control of the device or attack other authenticated user sessions. This issue affects: Juniper Networks Junos OS All versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S6…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5juniper_networks/junos_osunspecified — 18.3R3-S5+10

▶NVDjuniper/junos< 18.3+11

🔴Vulnerability Details

GHSA

GHSA-526q-596m-c4g3: A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malici↗2022-04-15

▶

CVEList

Junos OS: J-Web can be compromised through reflected XSS attacks↗2022-04-14

▶

📋Vendor Advisories

Juniper

CVE-2022-22181: A reflected Cross-site Scripting (XSS) vulnerability in J-Web of Juniper Networks Junos OS allows a network-based authenticated attacker to run malici↗2022-04-14

▶