Exploitation Summary
EIP tracks 1 public exploit for CVE-2012-1038. PoCs published by Craig Lambert.
AI-analyzed exploit summary
This exploit demonstrates a cross-site scripting (XSS) vulnerability in Mobility System Software by injecting arbitrary JavaScript code via the 'wbaredirect' parameter in the URL. The vulnerability arises due to insufficient input sanitization, allowing script execution in the context of the affected site.
Description
Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5.3, and other unspecified versions before 7.4 and 7.3 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter name.