CVE-2025-59974

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
9.3CRITICAL
EPSS
0.0%
top 90.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos Space Security DirectorJuniper Space Security Director
Timeline
PublishedOct 9

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into the application, which are then stored and executed in the context of other users' browsers when they access affected pages.This issue affects Juniper Security Director: * All versions before 24.1R4.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
Junos Space Security Director: Persistent Cross-Site Scripting (XSS) vulnerability2025-10-09
GHSA
GHSA-c74m-j3p4-8gjx: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Junos Space Security Director allows an attac2025-10-09

📋Vendor Advisories

1
Juniper
CVE-2025-59974: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Junos Space Security Director allows an attac2025-10-09
CVE-2025-59974 (CRITICAL CVSS 9.3) | An Improper Neutralization of Input | cvebase.io