Junos Space Security Director: XSS vulnerability in web administration
CVE-2018-0047

8HIGH

Key Information:

Vendor: Juniper Networks
Status: Junos Space Security Director
Vendor: CVE Published:; 10 October 2018

Badges

👾 Exploit Exists

Summary

A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.

Affected Version(s)

Junos Space Security Director <= 17.2R2

References

http://www.securitytracker.com/id/1041863

vdb-entryx_refsource_SECTRACK

https://kb.juniper.net/JSA10881

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 5, 2024
Vulnerability published
Oct 10, 2018
Vulnerability Reserved
Nov 16, 2017

Collectors

NVD DatabaseMitre Database

Credit

Marcel Bilal of IT-Dienstleistungszentrum Berlin