← Back

CVE-2018-0047

nvd nist
Published: Oct 10, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.

Affected (16)

Products: Juniper: Junos Space
Juniper
1 product
Junos Space
Configuration A
16 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Junos Space
Version 13.3 r1
Junos Space
Version 13.3 r2
Junos Space
Version 14.1 r1
Junos Space
Version 14.1 r2
Junos Space
Version 14.1 r3
Junos Space
Version 15.1 r1
Junos Space
Version 15.1 r2
Junos Space
Version 15.1 r3
Junos Space
Version 15.1 r4
Junos Space
Version 15.2 r1
Junos Space
Version 15.2 r2
Junos Space
Version 16.1 r1
Junos Space
Version 16.1 r2
Junos Space
Version 16.1 r3
Junos Space
Version 17.1 r1
Junos Space
Version 17.2 r1

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

Source: sirt@juniper.net
Third Party AdvisoryVDB Entry
Source: sirt@juniper.net
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.