Juniper Junos J-Web Administrator Logs XSS (PSN-2011-10-392)

medium Nessus Plugin ID 56771

Synopsis

The remote device has a cross-site scripting vulnerability.

Description

According to its self-reported version number, the J-Web component of the remote Juniper device has a persistent cross-site scripting vulnerability. During the authentication process, user-controlled input is added to the administrator logs. When an administrator reviews the logs, that user-controlled input is displayed without being sanitized, which could result in a cross-site scripting attack.

Solution

Apply the relevant Junos upgrade referenced in Juniper advisory PSN-2011-10-392.

See Also

http://www.nessus.org/u?a1015579

Plugin Details

Severity: Medium

ID: 56771

File Name: juniper_psn-2011-10-392.nasl

Version: 1.8

Type: combined

Published: 11/10/2011

Updated: 8/10/2018

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/model, Host/Juniper/JUNOS/Version

Patch Publication Date: 10/12/2011

Vulnerability Publication Date: 10/12/2011

Reference Information

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990