Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2022-22242 — Cross-site Scripting in Networks Junos OS
Severity
6.1MEDIUMNVD
EPSS
62.1%
top 1.64%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedOct 18
Latest updateOct 28
Description
A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7
Affected Packages2 packages
🔴Vulnerability Details
3GHSA▶
GHSA-qq74-54g4-qw47: A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scr↗2022-10-18
VulnCheck▶
Juniper Junos OS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')↗2022
💥Exploits & PoCs
1Nuclei▶
Juniper Web Device Manager - Cross-Site Scripting
🔍Detection Rules
1📋Vendor Advisories
1Juniper▶
CVE-2022-22242: A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scr↗2022-10-18