CVE-2022-22182Cross-site Scripting in Networks Junos OS

CWE-79Cross-site Scripting4 documents4 sources
Severity
6.1MEDIUMNVD
CNA8.8
EPSS
0.7%
top 29.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos OSJuniper Junos
Timeline
PublishedApr 14
Latest updateApr 15

Description

A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S19; 15.1 versions prior to 15.1R7-S10; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S10, 18.4R3-S9; 19.1 versions prior to 19.1R2-S3, 19.1R3-S6; 19.2 ver

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

CVEListV5juniper_networks/junos_os12.312.3R12-S19+13
NVDjuniper/junos14 versions+13

🔴Vulnerability Details

2
GHSA
GHSA-9fvr-m6jg-h4hx: A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user2022-04-15
CVEList
Junos OS: A XSS vulnerability allows an attacker to execute commands on a target J-Web session2022-04-14

📋Vendor Advisories

1
Juniper
CVE-2022-22182: A Cross-site Scripting (XSS) vulnerability in Juniper Networks Junos OS J-Web allows an attacker to construct a URL that when visited by another user2022-04-14
CVE-2022-22182 — Cross-site Scripting | cvebase