CVE-2009-3487

Juniper Junos - XSS

Title source: rule
STIX 2.1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid parameter to scripter.php; (5) the revision parameter in a rollback action to the configuration program; the m[] parameter to the (6) monitor, (7) manage, (8) events, (9) configuration, or (10) alarms program; (11) the m[] parameter to the default URI; (12) the m[] parameter in a browse action to the default URI; (13) the wizard-next parameter in an https action to the configuration program; or the (14) Contact Information, (15) System Description, (16) Local Engine ID, (17) System Location, or (18) System Name Override SNMP parameter, related to the configuration program.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Amir Azam · textremotehardware
https://www.exploit-db.com/exploits/33260
exploitdb WORKING POC VERIFIED
by Amir Azam · textremotehardware
https://www.exploit-db.com/exploits/33261

References (4)

Core 4
Core References
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2784
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36537
Exploit, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36829

Scores

EPSS 0.0039
EPSS Percentile 60.0%

Details

CWE
CWE-79
Status published
Products (1)
juniper/junos 8.5 r1.14
Published Sep 30, 2009
Tracked Since Feb 18, 2026