CVE-2014-2712

Juniper Junos - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php.

References (3)

[Vendor Advisory] http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10521

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1030058

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/66767

Scores

EPSS 0.0030

EPSS Percentile 52.8%

Details

CWE

CWE-79

Status published

Products (9)

juniper/junos

n/a/n/a

Published Apr 14, 2014

Tracked Since Feb 18, 2026