CVE-2025-59993Cross-site Scripting in Networks Junos Space

CWE-79Cross-site Scripting4 documents4 sources
Severity
5.1MEDIUMNVD
EPSS
0.0%
top 90.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Juniper Networks Junos SpaceJuniper Junos Space
Timeline
PublishedOct 9

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Space Node Setting fields that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Packages2 packages

CVEListV5juniper_networks/junos_space< 24.1R4
NVDjuniper/junos_space< 24.1+1

🔴Vulnerability Details

2
GHSA
GHSA-xfgx-qq8c-jhjr: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attack2025-10-09
CVEList
Junos Space: Space Node Setting fields are vulnerable to reflected cross-site script injection2025-10-09

📋Vendor Advisories

1
Juniper
CVE-2025-59993: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attack2025-10-09
CVE-2025-59993 — Cross-site Scripting | cvebase