CVE-2019-0018
Juniper ATP: Persistent Cross-Site Scripting (XSS) vulnerability in file upload menu
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper ATP 5.0 versions prior to 5.0.3.
Una vulnerabilidad de Cross-Site Scripting persistente en el menú de subida de archivos de Juniper ATP podría permitir que un usuario autenticado inyecte scripts arbitrarios y robe datos sensibles y credenciales de una sesión de administración web, engañando posiblemente a un usuario administrativo posterior para que realice acciones de administrador en el dispositivo. Este problema afecta a Juniper ATP en versiones 5.0 anteriores a la 5.0.3.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-10-11 CVE Reserved
- 2019-01-15 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Juniper Search vendor "Juniper" | Advanced Threat Prevention Search vendor "Juniper" for product "Advanced Threat Prevention" | >= 5.0.0 < 5.0.3 Search vendor "Juniper" for product "Advanced Threat Prevention" and version " >= 5.0.0 < 5.0.3" | - |
Affected
| in | Juniper Search vendor "Juniper" | Atp400 Search vendor "Juniper" for product "Atp400" | - | - |
Safe
|
Juniper Search vendor "Juniper" | Advanced Threat Prevention Search vendor "Juniper" for product "Advanced Threat Prevention" | >= 5.0.0 < 5.0.3 Search vendor "Juniper" for product "Advanced Threat Prevention" and version " >= 5.0.0 < 5.0.3" | - |
Affected
| in | Juniper Search vendor "Juniper" | Atp700 Search vendor "Juniper" for product "Atp700" | - | - |
Safe
|