CVE-2017-10612

Published: Oct 13, 2017Modified: May 13, 2026

8.0

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: NVD

Description

A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.

Affected (1)

Products: Juniper: Junos Space

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Juniper Junos Space	Up to 16.1r3

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.securityfocus.com/bid/101256

Source: sirt@juniper.net

Third Party AdvisoryVDB Entry

https://kb.juniper.net/JSA10826

Source: sirt@juniper.net

Vendor Advisory

http://www.securityfocus.com/bid/101256

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://kb.juniper.net/JSA10826

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.