CVE-2022-22242: A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts…

medium6.1CVSS 3.1

AVNACLPRNUIRSCCLILAN

EXPLOIT

A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.

Affected

29 ranges· showing 25

Vendor	Product	Version range	Fixed in
juniper	j-web	—	—
juniper	junos	< 19.1	19.1
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos	—	—
juniper	junos_os	—	—
juniper_networks	junos_os	>= 19.2 < 19.2R3-S6	19.2R3-S6
juniper_networks	junos_os	>= 19.3 < 19.3R3-S7	19.3R3-S7
juniper_networks	junos_os	>= 19.4 < 19.4R2-S7, 19.4R3-S8	19.4R2-S7, 19.4R3-S8
juniper_networks	junos_os	>= 20.1 < 20.1R3-S5	20.1R3-S5
juniper_networks	junos_os	>= 20.2 < 20.2R3-S5	20.2R3-S5
juniper_networks	junos_os	>= 20.3 < 20.3R3-S5	20.3R3-S5
juniper_networks	junos_os	>= 20.4 < 20.4R3-S4	20.4R3-S4
juniper_networks	junos_os	>= 21.1 < 21.1R3-S4	21.1R3-S4
juniper_networks	junos_os	>= 21.2 < 21.2R3-S1	21.2R3-S1

CVSS provenance

nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

vulncheck6.1MEDIUM