CVE-2018-0059 – ScreenOS: Stored Cross-Site Scripting (XSS) vulnerability

https://notcve.org/view.php?id=CVE-2018-0059

A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26. Una vulnerabilidad Cross-Site Scripting (XSS) persistente en la interfaz gráfica de usuario de ScreenOS podría permitir que un usuario autenticado remoto inyecte scripts web o HTML y robe datos sensibles y credenciales de una sesión de administración web, posiblemente engañando a un usuario administrativo Las versiones afectadas son Juniper Networks ScreenOS 6.3.0 en versiones anteriores a la 6.3.0r26. • https://kb.juniper.net/JSA10894 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •