Description
Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet login page.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/31528
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2008/2713
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/32078
Various Sources x_refsource_misc
http://www.layereddefense.com/netscreen01oct.html
Scores
EPSS
0.0029
EPSS Percentile
52.0%
Details
CWE
CWE-79
Status
published
Products (50)
juniper/netscreen_screenos
1.6.0
juniper/netscreen_screenos
2.0.0
juniper/netscreen_screenos
2.5.0
juniper/netscreen_screenos
2.6.0
juniper/netscreen_screenos
2.6.1
juniper/netscreen_screenos
2.6.1r1
juniper/netscreen_screenos
2.6.1r2
juniper/netscreen_screenos
2.6.1r3
juniper/netscreen_screenos
2.6.1r4
juniper/netscreen_screenos
2.6.1r5
... and 40 more
Published
Feb 09, 2009
Tracked Since
Feb 18, 2026