Description
Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5.3, and other unspecified versions before 7.4 and 7.3 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter name.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Craig Lambert · textremotehardware
https://www.exploit-db.com/exploits/37429
References (3)
Core 3
Core References
Broken Link x_refsource_misc
http://www.secureworks.com/advisories/swrx-2012-004/SWRX-2012-004.pdf
Third Party Advisory x_refsource_misc
http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2012-004/
Vendor Advisory x_refsource_confirm
http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2012-06-611&viewMode=view
Scores
EPSS
0.0105
EPSS Percentile
77.7%
Details
CWE
CWE-79
Status
published
Products (6)
juniper/networks_mobility_system_software
7.3
juniper/networks_mobility_system_software
7.4
juniper/networks_mobility_system_software
7.5
juniper/networks_mobility_system_software
7.5.1.6
juniper/networks_mobility_system_software
7.6
juniper/networks_mobility_system_software
7.7
Published
Apr 03, 2013
Tracked Since
Feb 18, 2026