CVE-2014-3824
Juniper Junos Pulse Secure Access Service 8.0 < 8.0r6, 7.4 < 7.4r13, 7.1 < 7.1r20 - Cross-Site Scripting
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the web server in the Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS 8.0 before 8.0r6, 7.4 before 7.4r13, and 7.1 before 7.1r20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/69804
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10646
Scores
EPSS
0.0022
EPSS Percentile
45.1%
Details
CWE
CWE-79
Status
published
Products (19)
juniper/junos_pulse_secure_access_service
7.1
juniper/junos_pulse_secure_access_service
7.1r1
juniper/junos_pulse_secure_access_service
7.1r1.1
juniper/junos_pulse_secure_access_service
7.1r2
juniper/junos_pulse_secure_access_service
7.1r3
juniper/junos_pulse_secure_access_service
7.1r4
juniper/junos_pulse_secure_access_service
7.1r5
juniper/junos_pulse_secure_access_service
7.1r6
juniper/junos_pulse_secure_access_service
7.1r7
juniper/junos_pulse_secure_access_service
7.1r8
... and 9 more
Published
Sep 29, 2014
Tracked Since
Feb 18, 2026