CVE-2022-22229: Cross-site Scripting in Networks Paragon Active Assurance

Severity
8.4 HIGH (NVD)
EPSS
0.7%
top 28.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 18

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with 'WRITE' permissions to store one or more malicious scripts that will infect any other authorized user's account when they accidentally trigger the malicious script(s) while managing the device. Triggering these attacks e

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Exploitability: 1.7 | Impact: 6.0

Affected Packages: 2 packages

🔴 Vulnerability Details (2)

GHSA: GHSA-h8xr-vrcj-c52v: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Ce (2022-10-18)
CVEList: Paragon Active Assurance (Formerly Netrounds): Stored Cross-site Scripting (XSS) vulnerability in web administration (2022-10-18)

📋 Vendor Advisories (1)

Juniper: CVE-2022-22229: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Ce (2022-10-18)