14 matches found
Vulnerabilities fixed in Juniper Networks Junos Space
Juniper has fixed vulnerabilities in Junos Space Specifically for all versions prior to 24.1R4. The vulnerabilities are in the way Juniper Networks Junos Space processes user input. Attackers can inject malicious scripts into various pages, such as the Device Template Definition, Global Search, a...
CVE-2025-59983
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definition page, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59981
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Template Definition page that, when visited by another user, enables the attacker to execute commands with the...
EUVD-2025-33384
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definition page, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59981
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Template Definition page that, when visited by another user, enables the attacker to execute commands with the...
CVE-2025-59983
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definition page, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59983
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definition page, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59995 Junos Space: Template creation through Definition is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Quick Template page that, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59983 Junos Space: Template Definition page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definition page, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59983 Junos Space: Template Definition page is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Template Definition page, when visited by another user, enables the attacker to execute commands with the target's...
CVE-2025-59983
CVE-2025-59983 affects Juniper Networks Junos Space prior to version 24.1R4. The issue is an Improp er Neutralization of Input During Web Page Generation (Cross-site Scripting) that allows an attacker to inject script tags on the Template Definition page; when another user visits that page, the a...
CVE-2025-59981
CVE-2025-59981 corresponds to a Cross-site Scripting (XSS) flaw in Juniper Networks Junos Space prior to version 24.1R4. The issue arises from improper input neutralization during web page generation on the Device Template Definition page, allowing an attacker to inject script tags that, when vie...
PT-2025-41419
Name of the Vulnerable Software and Affected Versions Juniper Networks Junos Space versions prior to 24.1R4 Description An issue exists in Juniper Networks Junos Space that allows an attacker to inject script tags into the Template Definition page. When another user visits this page, the injected...
Arbitrary Code Injection
@backstage/plugin-scaffolder-backend is vulnerable to Arbitrary Code Injection. The vulnerability exists due to sandbox bypass in ScaffolderEntitiesProcessor.js, which allows an attacker with write access to a registered scaffolder template to inject code through the YAML template definition...