CVE-2018-0059

MEDIUM

Juniper ScreenOS < 6.3.0r26 - Authenticated Stored Cross-Site Scripting

Title source: llm

Description

A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kb.juniper.net/JSA10894

Scores

CVSS v3 5.4

EPSS 0.0013

EPSS Percentile 32.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (27)

juniper/netscreen_screenos 6.3.0

juniper/netscreen_screenos 6.3.0r1

juniper/netscreen_screenos 6.3.0r2

juniper/netscreen_screenos 6.3.0r3

juniper/netscreen_screenos 6.3.0r4

juniper/netscreen_screenos 6.3.0r5

juniper/netscreen_screenos 6.3.0r6

juniper/netscreen_screenos 6.3.0r7

juniper/netscreen_screenos 6.3.0r8

juniper/netscreen_screenos 6.3.0r9

... and 17 more

Published Oct 10, 2018

Tracked Since Feb 18, 2026