CVE-2012-5460
https://notcve.org/view.php?id=CVE-2012-5460
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter. Vulnerabilidad XSS en la página de ayuda en Juniper Secure Access (SA) con IVE OS anterior a 7.1r13, 7.2.x anterior a 7.2r7, y 7.3.x anterior a 7.3r2, permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a través del parámetro WWHSearchWordsText. • http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •