CVE-2014-2712

2014-04-1415:09:06

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-2712

cross-site scripting

xss

j-web

juniper junos

remote attack

5.8 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.8%

JSON

Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php.

Affected configurations

NVD

Node

juniperjunosMatch10.0

juniperjunosMatch10.4

juniperjunosMatch11.4

juniperjunosMatch12.1

juniperjunosMatch12.1x44

juniperjunosMatch12.1x45

juniperjunosMatch12.1x46

juniperjunosMatch12.2

CPENameOperatorVersion
juniper:junosjuniper junoseq10.0
juniper:junosjuniper junoseq10.4
juniper:junosjuniper junoseq11.4
juniper:junosjuniper junoseq12.1
juniper:junosjuniper junoseq12.1x44
juniper:junosjuniper junoseq12.1x45
juniper:junosjuniper junoseq12.1x46
juniper:junosjuniper junoseq12.2

CPE	Name	Operator	Version
juniper:junos	juniper junos	eq	10.0
juniper:junos	juniper junos	eq	10.4
juniper:junos	juniper junos	eq	11.4
juniper:junos	juniper junos	eq	12.1
juniper:junos	juniper junos	eq	12.1x44
juniper:junos	juniper junos	eq	12.1x45
juniper:junos	juniper junos	eq	12.1x46
juniper:junos	juniper junos	eq	12.2