Lucene search

K
prionPRIOn knowledge basePRION:CVE-2024-21620
HistoryJan 25, 2024 - 11:15 p.m.

Cross site scripting

2024-01-2523:15:00
PRIOn knowledge base
www.prio-n.com
7
improper neutralization input
web page generation
command execution
administrator permissions
j-web
emit_debug_note method
webauth_operation.php
security advisory
nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.5 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.0005 Low

EPSS

Percentile

17.0%

An Improper Neutralization of Input During Web Page Generation (β€˜Cross-site Scripting’) vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target’s permissions, including an administrator.

A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives.

This issue affects Juniper Networks Junos OS on SRX Series and EX Series:

  • All versions earlier than 20.4R3-S10;
  • 21.2 versions earlier than 21.2R3-S8;
  • 21.4 versions earlier than 21.4R3-S6;
  • 22.1 versions earlier than 22.1R3-S5;
  • 22.2 versions earlier than 22.2R3-S3;
  • 22.3 versions earlier than 22.3R3-S2;
  • 22.4 versions earlier than 22.4R3-S1;
  • 23.2 versions earlier than 23.2R2;
  • 23.4 versions earlier than 23.4R2.
Rows per page:
1-10 of 891

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

7.5 High

AI Score

Confidence

Low

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.0005 Low

EPSS

Percentile

17.0%

Related for PRION:CVE-2024-21620