CVE-2026-21904

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.1MEDIUM

EPSS

0.0%

top 89.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Juniper Networks Junos Space

Timeline

PublishedApr 9

Latest updateApr 10

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R5 Patch V3.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Affected Packages1 packages

▶CVEListV5juniper_networks/junos_space< 24.1R5 Patch V3

🔴Vulnerability Details

GHSA

GHSA-3cpj-89qh-f3x6: An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attack↗2026-04-10

▶

VulDB

Juniper Junos Space up to 24.1R4 list filter cross site scripting (JSA106003)↗2026-04-10

▶

CVEList

Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection↗2026-04-09

▶