Detections
Analytics

Juniper Junos J-Web XSS (PSN-2012-07-649)

medium Nessus Plugin ID 59993

Language:

Synopsis

The remote device has a cross-site scripting vulnerability.

Description

According to its self-reported version number, the remote Junos device has a cross-site scripting vulnerability in the J-Web component.
Unspecified input to index.php can result in cross-site scripting.

Solution

Apply the relevant Junos upgrade referenced in Juniper advisory PSN-2012-07-649.

See Also

http://www.nessus.org/u?acebd1ad

https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10521

Plugin Details

Severity: Medium

ID: 59993

File Name: juniper_psn-2012-07-649.nasl

Version: 1.11

Type: combined

Published: 7/17/2012

Updated: 7/12/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/JUNOS/Version, Host/Juniper/JUNOS/BuildDate

Exploit Ease: No known exploits are available

Patch Publication Date: 7/10/2012

Vulnerability Publication Date: 7/10/2012

Reference Information

CVE: CVE-2014-2712

BID: 66767

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990