41 matches found
CVE-2021-0275
A Cross-site Scripting XSS vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining access to the users session. The other user session must be active for the attack to succeed. Once successful, the attacker has the same privileges as...
The vulnerability in the J-Web web interface of the JunOS operating system allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability in the J-Web web interface of the JunOS operating system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
Junos OS vulnerable to directory traversal
Overview Junos OS contains a directory traversal vulnerability CWE-22. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Files on the server may be...
The vulnerability in the J-Web web interface of the Junos OS operating system allows attackers to execute cross-site scripting (XSS) attacks.
The vulnerability in the J-Web web interface of the Junos OS operating system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...
Juniper Networks Junos OS Cross-Site Scripting Vulnerability
Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A cross-site scripting vulnerability exists in the J-Web interface in Juniper Networks Junos OS. The vulnerability stems...
The vulnerability in the J-Web web interface of the Junos OS operating system allows a perpetrator to gain access to the target system with administrator privileges.
The vulnerability of the J-Web web interface of the Junos OS operating system is related to session management errors. Exploiting this vulnerability can allow a malicious actor to gain access to the target system with administrator privileges...
CVE-2019-0047
A persistent Cross-Site Scripting XSS vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web. This issue...
The vulnerability of the J-Web web interface of the Junos operating system, allowing a hacker to execute arbitrary code
The vulnerability of the J-Web web interface of the Junos operating system is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Juniper Junos J-Web Interface PHP URL Handling Use-after-free RCE (JSA10828)
According to its self-reported version number, the remote Junos device is affected by a remote code execution vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid106385; scriptversion"1.6"; scriptsetattributeattribute:"pluginmodificationdate",...
The vulnerability of Juniper SRX 240 router microprogramming software allows a attacker to bypass the CSRF protection of the J-Web interface.
The Juniper SRX 240 router software contains a vulnerability in the Sajax AJAX library, which stems from the lack of checking the “csrftoken” parameter for GET requests...
Juniper Junos 8.5/9.0 J-Web Interface Multiple Script m[] Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web Juniper Web Management. Attacker-supplie...
Juniper Networks Junos OS CVE-2009-3485
Cross-site scripting XSS vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via 1 the JEXECOUTID parameter in a JEXECMODERELAYOUTPUT action to the jexec program; the 2 act, 3 refresh-time, or 4 ifid...
CVE-2009-3487
Multiple cross-site scripting XSS vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via 1 the JEXECOUTID parameter in a JEXECMODERELAYOUTPUT action to the jexec program; the 2 act, 3 refresh-time, or 4 ifid...
CVE-2009-3486
Multiple cross-site scripting XSS vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to 1 the pinghost program, reachable through the diagnose program; or 2 the traceroute program, reachab...
Cross site scripting
Cross-site scripting XSS vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI...
CVE-2009-3485
Cross-site scripting XSS vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI...
CVE-2009-3486
Multiple cross-site scripting XSS vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to 1 the pinghost program, reachable through the diagnose program; or 2 the traceroute program, reachab...
CVE-2009-3487
Multiple cross-site scripting XSS vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via 1 the JEXECOUTID parameter in a JEXECMODERELAYOUTPUT action to the jexec program; the 2 act, 3 refresh-time, or 4 ifid...
CVE-2009-3485
Cross-site scripting XSS vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI...