Lucene search
K

41 matches found

OSV
OSV
added 2021/04/22 8:15 p.m.4 views

CVE-2021-0275

A Cross-site Scripting XSS vulnerability in J-Web on Juniper Networks Junos OS allows an attacker to target another user's session thereby gaining access to the users session. The other user session must be active for the attack to succeed. Once successful, the attacker has the same privileges as...

8.8CVSS7.2AI score0.01171EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2020/03/20 12:0 a.m.7 views

The vulnerability in the J-Web web interface of the JunOS operating system allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability in the J-Web web interface of the JunOS operating system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...

7.6CVSS6AI score0.00881EPSS
Exploits0References3Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2020/01/10 5:48 a.m.6 views

Junos OS vulnerable to directory traversal

Overview Junos OS contains a directory traversal vulnerability CWE-22. Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact Files on the server may be...

8.1CVSS6.6AI score0.00931EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2019/11/26 12:0 a.m.5 views

The vulnerability in the J-Web web interface of the Junos OS operating system allows attackers to execute cross-site scripting (XSS) attacks.

The vulnerability in the J-Web web interface of the Junos OS operating system is related to insufficient protection of the website structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks XSS remotely...

9.3CVSS7.3AI score0.01557EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2019/10/21 12:0 a.m.4 views

Juniper Networks Junos OS Cross-Site Scripting Vulnerability

Juniper Networks Junos OS is a Juniper Networks network operating system for the company's hardware devices. The OS provides a secure programming interface and the Junos SDK. A cross-site scripting vulnerability exists in the J-Web interface in Juniper Networks Junos OS. The vulnerability stems...

8.8CVSS6.4AI score0.01557EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2019/10/16 12:0 a.m.5 views

The vulnerability in the J-Web web interface of the Junos OS operating system allows a perpetrator to gain access to the target system with administrator privileges.

The vulnerability of the J-Web web interface of the Junos OS operating system is related to session management errors. Exploiting this vulnerability can allow a malicious actor to gain access to the target system with administrator privileges...

7.6CVSS5.5AI score0.01085EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2019/10/09 8:15 p.m.30 views

CVE-2019-0047

A persistent Cross-Site Scripting XSS vulnerability in Junos OS J-Web interface may allow remote unauthenticated attackers to perform administrative actions on the Junos device. Successful exploitation requires a Junos administrator to first perform certain diagnostic actions on J-Web. This issue...

8.8CVSS7.8AI score0.01557EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2018/04/20 12:0 a.m.8 views

The vulnerability of the J-Web web interface of the Junos operating system, allowing a hacker to execute arbitrary code

The vulnerability of the J-Web web interface of the Junos operating system is related to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

9.8CVSS8.2AI score0.06335EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2018/01/26 12:0 a.m.75 views

Juniper Junos J-Web Interface PHP URL Handling Use-after-free RCE (JSA10828)

According to its self-reported version number, the remote Junos device is affected by a remote code execution vulnerability. C Tenable Network Security, Inc. include'compat.inc'; if description scriptid106385; scriptversion"1.6"; scriptsetattributeattribute:"pluginmodificationdate",...

9.8CVSS8AI score0.06335EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2016/07/07 12:0 a.m.7 views

The vulnerability of Juniper SRX 240 router microprogramming software allows a attacker to bypass the CSRF protection of the J-Web interface.

The Juniper SRX 240 router software contains a vulnerability in the Sajax AJAX library, which stems from the lack of checking the “csrftoken” parameter for GET requests...

5.1CVSS5.5AI score0.00975EPSS
Exploits0References4Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.16 views

Juniper Junos 8.5/9.0 J-Web Interface Multiple Script m[] Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/36537/info Juniper Networks JUNOS is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data to J-Web Juniper Web Management. Attacker-supplie...

7.1AI score
Exploits0
OpenVAS
OpenVAS
added 2011/07/13 12:0 a.m.23 views

Juniper Networks Junos OS CVE-2009-3485

Cross-site scripting XSS vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a...

4.3CVSS5.2AI score0.01452EPSS
Exploits1
Prion
Prion
added 2009/09/30 3:30 p.m.20 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via 1 the JEXECOUTID parameter in a JEXECMODERELAYOUTPUT action to the jexec program; the 2 act, 3 refresh-time, or 4 ifid...

3.5CVSS5.7AI score0.01248EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2009/09/30 3:30 p.m.26 views

CVE-2009-3487

Multiple cross-site scripting XSS vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via 1 the JEXECOUTID parameter in a JEXECMODERELAYOUTPUT action to the jexec program; the 2 act, 3 refresh-time, or 4 ifid...

3.5CVSS5.5AI score0.01248EPSS
Exploits1References4
NVD
NVD
added 2009/09/30 3:30 p.m.25 views

CVE-2009-3486

Multiple cross-site scripting XSS vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to 1 the pinghost program, reachable through the diagnose program; or 2 the traceroute program, reachab...

3.5CVSS5.5AI score0.01248EPSS
Exploits1References4
Prion
Prion
added 2009/09/30 3:30 p.m.18 views

Cross site scripting

Cross-site scripting XSS vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI...

4.3CVSS6.2AI score0.01452EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2009/09/30 3:30 p.m.24 views

CVE-2009-3485

Cross-site scripting XSS vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI...

4.3CVSS5.7AI score0.01452EPSS
Exploits1References4
Cvelist
Cvelist
added 2009/09/30 3:0 p.m.28 views

CVE-2009-3486

Multiple cross-site scripting XSS vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to 1 the pinghost program, reachable through the diagnose program; or 2 the traceroute program, reachab...

5.5AI score0.01248EPSS
Exploits1References4
Cvelist
Cvelist
added 2009/09/30 3:0 p.m.29 views

CVE-2009-3487

Multiple cross-site scripting XSS vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via 1 the JEXECOUTID parameter in a JEXECMODERELAYOUTPUT action to the jexec program; the 2 act, 3 refresh-time, or 4 ifid...

5.5AI score0.01248EPSS
Exploits1References4
Cvelist
Cvelist
added 2009/09/30 3:0 p.m.28 views

CVE-2009-3485

Cross-site scripting XSS vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI...

5.7AI score0.01452EPSS
Exploits1References4
Rows per page
Query Builder