CVE-2017-10612
Junos Space: Persistent Cross site scripting in Junos Space
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A persistent site scripting vulnerability in Juniper Networks Junos Space allows users who can change certain configuration to implant malicious Javascript or HTML which may be used to steal information or perform actions as other Junos Space users or administrators. Affected releases are Juniper Networks Junos Space all versions prior to 17.1R1.
Una vulnerabilidad de Site Scripting persistente en Juniper Networks Junos Space permite a los usuarios que pueden cambiar determinadas configuraciones implantar código JavaScript o HTML malicioso que se puede utilizar para robar información o realizar acciones como otros usuarios o administradores de Junos Space. Las distribuciones afectadas son: Juniper Networks Junos Space en todas sus versiones anteriores a la 17.1R1.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-06-28 CVE Reserved
- 2017-10-13 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/101256 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://kb.juniper.net/JSA10826 | 2019-10-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Juniper Search vendor "Juniper" | Junos Space Search vendor "Juniper" for product "Junos Space" | <= 16.1r3 Search vendor "Juniper" for product "Junos Space" and version " <= 16.1r3" | - |
Affected
| ||||||