CVE-2018-0047
HIGHJunos Space Security Director < 17.2R2 - Authenticated Stored Cross-Site Scripting
Title source: llmDescription
A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1041863
Vendor Advisory x_refsource_confirm
https://kb.juniper.net/JSA10881
Scores
CVSS v3
8.0
EPSS
0.0030
EPSS Percentile
53.5%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-79
Status
published
Products (7)
juniper/junos_space
13.3 r1 (2 CPE variants)
juniper/junos_space
14.1 r1 (3 CPE variants)
juniper/junos_space
15.1 r1 (4 CPE variants)
juniper/junos_space
15.2 r1 (2 CPE variants)
juniper/junos_space
16.1 r1 (3 CPE variants)
juniper/junos_space
17.1 r1
juniper/junos_space
17.2 r1
Published
Oct 10, 2018
Tracked Since
Feb 18, 2026