CVSS: 6.1EPSS: 1%CPEs: 2EXPL: 3CVE-2009-3485 – Juniper Junos 8.5/9.0 J - Web Interface 'PATH_INFO' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-3485
30 Sep 2009 — Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI. Vulnerabilidad de ejecución de secuencias de comandos remotos en sitios cruzados (XSS) en la interface J-Web en Juniper JUNOS v8.5R1.14 y v9.0R1.1 permite a atacantes remotos ejecutar código web o HTML de su elección a través de PATH_INFO en la URI por defecto. • https://www.exploit-db.com/exploits/33257 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 4CVE-2009-3486 – Juniper Junos 8.5/9.0 J-Web Interface - '/configuration' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2009-3486
30 Sep 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration progra... • https://www.exploit-db.com/exploits/33259 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 5CVE-2009-3487 – Juniper Junos 8.5/9.0 J - Web Interface (Multiple Script) 'm[]' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2009-3487
30 Sep 2009 — Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid parameter to scripter.php; (5) the revision parameter in a rollback action to the configuration program; the m[] parameter to the (6) monitor, (7) manage, (8) events, (9) configuration, or (10) alarms pro... • https://www.exploit-db.com/exploits/33261 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •