CVE-2014-2711
Juniper Junos Multiple Versions - Cross-Site Scripting in J-Web
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, and 13.3 before 13.3R1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10619
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66770
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030061
Scores
EPSS
0.0057
EPSS Percentile
68.8%
Details
CWE
CWE-79
Status
published
Products (11)
juniper/junos
11.4
juniper/junos
11.4x27
juniper/junos
12.1
juniper/junos
12.1x44
juniper/junos
12.1x45
juniper/junos
12.1x46
juniper/junos
12.2
juniper/junos
12.3
juniper/junos
13.1
juniper/junos
13.2
... and 1 more
Published
Apr 14, 2014
Tracked Since
Feb 18, 2026