CVE-2014-2712
Juniper Junos Multiple Versions - Cross-Site Scripting via J-Web index.php
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030058
Vendor Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10521
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/66767
Scores
EPSS
0.0030
EPSS Percentile
53.1%
Details
CWE
CWE-79
Status
published
Products (8)
juniper/junos
10.0
juniper/junos
10.4
juniper/junos
11.4
juniper/junos
12.1
juniper/junos
12.1x44
juniper/junos
12.1x45
juniper/junos
12.1x46
juniper/junos
12.2
Published
Apr 14, 2014
Tracked Since
Feb 18, 2026