CVE-2025-59996

MEDIUM

Juniper Junos Space < 24.1 - XSS

Title source: rule

Description

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Configuration View page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R4.

References (1)

[Vendor Advisory] https://supportportal.juniper.net/JSA103140

Scores

CVSS v3 6.1

EPSS 0.0003

EPSS Percentile 7.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (4)

juniper/junos_space < 24.1

juniper/junos_space

Timeline

Published Oct 09, 2025

Tracked Since Feb 18, 2026