CVE-2013-5095

Published: Aug 16, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka PR 884469.

Affected (9)

Products: Juniper: Junos Space, Junos Space Ja1500 Appliance, Junos Space Virtual Appliance

Juniper

3 products

Junos Space

Junos Space Ja1500 Appliance

Junos Space Virtual Appliance

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos Space	Version 11.1
Juniper Junos Space	Version 11.2
Juniper Junos Space	Version 11.3
Juniper Junos Space	Version 11.4
Juniper Junos Space	Version 12.1
Juniper Junos Space	Version 12.2
Juniper Junos Space	Version 12.3
Juniper Junos Space Ja1500 Appliance	All versions
Juniper Junos Space Virtual Appliance	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://kb.juniper.net/JSA10585

Source: cve@mitre.org

Vendor Advisory

http://www.securitytracker.com/id/1028923

Source: cve@mitre.org

http://kb.juniper.net/JSA10585

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1028923

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.