Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2013-5095


Cross-site scripting (XSS) vulnerability in the web-based interface in Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka PR 884469.


Published

2013-08-16T13:57:23.487

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application juniper junos_space 11.1 Yes
Application juniper junos_space 11.2 Yes
Application juniper junos_space 11.3 Yes
Application juniper junos_space 11.4 Yes
Application juniper junos_space 12.1 Yes
Application juniper junos_space 12.2 Yes
Application juniper junos_space 12.3 Yes
Application juniper junos_space_virtual_appliance - Yes
Hardware juniper junos_space_ja1500_appliance - Yes

References