CVE-2025-59985

CWE-79Cross-site Scripting (XSS)4 documents4 sources
Severity
5.1MEDIUM
EPSS
0.0%
top 90.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos SpaceJuniper Junos Space
Timeline
PublishedOct 9

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in a field on the Purging Policy page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.This issue affects all versions of Junos Space before 24.1R4.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Packages2 packages

CVEListV5juniper_networks/junos_space< 24.1R4
NVDjuniper/junos_space< 24.1+1

🔴Vulnerability Details

2
GHSA
GHSA-qr9w-x5x5-9pqx: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attack2025-10-09
CVEList
Junos Space: Purging Policy field is vulnerable to reflected cross-site script injection2025-10-09

📋Vendor Advisories

1
Juniper
CVE-2025-59985: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attack2025-10-09