CVE-2018-0059 – ScreenOS: Stored Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2018-0059
A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26.
• https://kb.juniper.net/JSA10894
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2013-6958
https://notcve.org/view.php?id=CVE-2013-6958
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
• http://jvn.jp/en/jp/JVN28436508/index.html
• http://jvndb.jvn.jp/ja/contents/2013/JVNDB-2013-000119.html
• http://osvdb.org/100861
• http://www.securitytracker.com/id/1029490
• https://kb.juniper.net/JSA10604