← Back

CVE-2018-0059

nvd nist
Published: Oct 10, 2018Modified: Nov 21, 2024

JSON object

Loading...
5.4
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.3 / Impact: 2.7
Source: NVD

Description

A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26.

Affected (27)

Juniper
1 product
Netscreen Screenos
Configuration A
27 vulnerable
Vulnerable SoftwareAffected Versions
Juniper
Netscreen Screenos
Version 6.3.0
Netscreen Screenos
Version 6.3.0r10
Netscreen Screenos
Version 6.3.0r11
Netscreen Screenos
Version 6.3.0r12
Netscreen Screenos
Version 6.3.0r13
Netscreen Screenos
Version 6.3.0r14
Netscreen Screenos
Version 6.3.0r15
Netscreen Screenos
Version 6.3.0r16
Netscreen Screenos
Version 6.3.0r17
Netscreen Screenos
Version 6.3.0r18
Netscreen Screenos
Version 6.3.0r19
Netscreen Screenos
Version 6.3.0r1
Netscreen Screenos
Version 6.3.0r21
Netscreen Screenos
Version 6.3.0r22
Netscreen Screenos
Version 6.3.0r23
Netscreen Screenos
Version 6.3.0r23b1
Netscreen Screenos
Version 6.3.0r24
Netscreen Screenos
Version 6.3.0r24b1
Netscreen Screenos
Version 6.3.0r25
Netscreen Screenos
Version 6.3.0r2
Netscreen Screenos
Version 6.3.0r3
Netscreen Screenos
Version 6.3.0r4
Netscreen Screenos
Version 6.3.0r5
Netscreen Screenos
Version 6.3.0r6
Netscreen Screenos
Version 6.3.0r7
Netscreen Screenos
Version 6.3.0r8
Netscreen Screenos
Version 6.3.0r9

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

Source: sirt@juniper.net
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.