CVE-2017-10612
HIGHJuniper Networks Junos Space < 17.1R1 - Stored Cross-Site Scripting via Configuration Change
Title source: llmDescription
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10826
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/101256
Scores
CVSS v3
8.0
EPSS
0.0039
EPSS Percentile
60.2%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-79
Status
published
Products (2)
juniper/junos_space
< 16.1r3
Juniper Networks/Junos Space
versions prior to 17.1R1
Published
Oct 13, 2017
Tracked Since
Feb 18, 2026