CVE-2014-3820
Juniper Junos Pulse Secure Access Service < 7.1r16/7.4r3/8.0r1 & Access Control Service < 4.1r8/4.4r3/5.0r1 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 7.1 before 7.1r16, 7.4 before 7.4r3, and 8.0 before 8.0r1 and the Juniper Junos Pulse Access Control Service devices with UAC OS 4.1 before 4.1r8, 4.4 before 4.4r3 and 5.0 before 5.0r1 allows remote administrators to inject arbitrary web script or HTML via unspecified vectors.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10645
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030852
Scores
EPSS
0.0032
EPSS Percentile
54.7%
Details
CWE
CWE-79
Status
published
Products (28)
juniper/junos_pulse_access_control_service
4.1
juniper/junos_pulse_access_control_service
4.1r1
juniper/junos_pulse_access_control_service
4.1r1.1
juniper/junos_pulse_access_control_service
4.1r2
juniper/junos_pulse_access_control_service
4.1r3
juniper/junos_pulse_access_control_service
4.1r4
juniper/junos_pulse_access_control_service
4.1r5
juniper/junos_pulse_access_control_service
4.4 (3 CPE variants)
juniper/junos_pulse_access_control_service
5.0
juniper/junos_pulse_secure_access_service
7.1
... and 18 more
Published
Sep 29, 2014
Tracked Since
Feb 18, 2026