CVE-2022-22242

MEDIUM EXPLOITED NUCLEI

Juniper Networks Junos OS <19.1R3-S9-20.2 - XSS

Title source: llm

Description

A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.

Exploits (1)

vulncheck_xdb SCANNER

client-side

https://github.com/zan8in/afrog

View Code ZIP pw:eip

Nuclei Templates (1)

Juniper Web Device Manager - Cross-Site Scripting

MEDIUMVERIFIEDby EvergreenCartoons

Shodan: title:"Juniper Web Device Manager" || http.title:"juniper web device manager"

FOFA: title="juniper web device manager"

References (1)

[Vendor Advisory] https://kb.juniper.net/JSA69899

Scores

CVSS v3 6.1

EPSS 0.6213

EPSS Percentile 98.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

VulnCheck KEV 2023-11-25

CWE

CWE-79

Status published

Products (3)

juniper/junos 19.1 (21 CPE variants)

juniper/junos 19.2 (19 CPE variants)

juniper/junos 19.3 (10 CPE variants)

Published Oct 18, 2022

Tracked Since Feb 18, 2026