CVE-2026-21904
MEDIUMJunos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection
Title source: cnaDescription
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R5 Patch V3.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://kb.juniper.net/JSA106003
Scores
CVSS v3
6.1
EPSS
0.0021
EPSS Percentile
11.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-79
Status
published
Products (1)
Juniper Networks/Junos Space
< 24.1R5 Patch V3
Published
Apr 09, 2026
Tracked Since
Apr 10, 2026