Juniper Secure Access XSS Vulnerability

2013-07-29T00:00:00
ID SECURITYVULNS:DOC:29661
Type securityvulns
Reporter Securityvulns
Modified 2013-07-29T00:00:00

Description




Summary

Juniper Secure Access software has a reflected XSS vulnerability.

CVE number: CVE-2012-5460

Vendor advisory: PSN-2013-03-874

Impact: Low

Vendor homepage: http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view

Vendor notified: 06/06/2012

Vendor fixed: 12/12/2012

Affected Products

Juniper SA (IVE OS) versions prior to 7.1r13, 7.2r7, and 7.3r2.

Details

To exploit this vulnerability, the client must be authenticated to the SSL VPN service. The vulnerable parameter exists on the help page of the IVE user web interface.

Affected parameter: WWHSearchWordsText
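
For reviewing access logs from appliances that ran an affected release, the following added example (not part of the original advisory) flags requests whose WWHSearchWordsText value still contains markup after repeated URL decoding. The combined-style log format, the placeholder path and the heuristic pattern are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

PARAM = "WWHSearchWordsText"  # parameter named in the advisory
# Characters/tokens a plain help-search term should not need (assumed heuristic).
SUSPICIOUS = re.compile(r"[<>\"'`]|javascript:|\bon\w+\s*=", re.IGNORECASE)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_requests(log_lines):
    """Return (line_no, decoded_value) for requests whose PARAM carries markup."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl already decodes once; keep_blank_values keeps empty searches.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() != PARAM.lower():
                continue
            decoded = fully_decode(value)
            if SUSPICIOUS.search(decoded):
                hits.append((line_no, decoded))
    return hits


# Constructed sample lines; "/HELP-PAGE-PLACEHOLDER" stands in for the real path.
SAMPLE_LOG = [
    '10.0.0.5 - alice [29/Jul/2013:10:00:01 +0000] "GET /HELP-PAGE-PLACEHOLDER?WWHSearchWordsText=password+reset HTTP/1.1" 200 5120',
    '10.0.0.9 - bob [29/Jul/2013:10:02:17 +0000] "GET /HELP-PAGE-PLACEHOLDER?WWHSearchWordsText=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5244',
    '10.0.0.9 - bob [29/Jul/2013:10:02:40 +0000] "GET /HELP-PAGE-PLACEHOLDER?WWHSearchWordsText=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5201',
    '10.0.0.7 - carol [29/Jul/2013:10:05:00 +0000] "GET /HELP-PAGE-PLACEHOLDER?topic=WWHSearchWordsText HTTP/1.1" 200 4100',
]

if __name__ == "__main__":
    for line_no, value in flag_requests(SAMPLE_LOG):
        print(f"line {line_no}: {PARAM} = {value!r}")
```

Because the issue is reachable only in an authenticated session, the user field on each flagged line identifies whose session received the request.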

Impact

Execution of arbitrary script code in a user's browser during an authenticated session.

Solution

Upgrade to 7.1r13, 7.2r7, 7.3r2, or higher.

Twitter @pazwant