SECURITYVULNS:DOC:29661
Jul 29, 2013

Juniper Secure Access XSS Vulnerability



Summary

Juniper Secure Access software has a reflected XSS vulnerability.

CVE number: CVE-2012-5460
PSN-2013-03-874
Impact: Low

Vendor homepage:
http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view

Vendor notified: 06/06/2012

Vendor fixed: 12/12/2012

Affected Products

Juniper SA (IVE OS) versions prior to 7.1r13, 7.2r7, 7.3r2.

Details

To exploit this vulnerability, the client must authenticate to the
SSL VPN service. The vulnerable parameter is on the help page of the
IVE user web interface.

Affected parameter: WWHSearchWordsText

Impact

Execution of arbitrary script code in a user's browser during an
authenticated session.

Solution

Upgrade to 7.1r13, 7.2r7, 7.3r2, or higher.
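
A version check for triaging an appliance inventory against the fixed releases listed above, as an added example that is not part of the original advisory. The version-string format, the handling of branches older than 7.1 (treated as affected) and newer than 7.3 (treated as fixed), and the sample host names are assumptions.

```python
import re

# Fixed release per branch, taken from the advisory's Solution section.
FIXED = {(7, 1): 13, (7, 2): 7, (7, 3): 2}

# Assumed version format: "<major>.<minor>r<release>", e.g. "7.1r13" or "7.2R6.1".
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)[rR](\d+)(?:\.\d+)*\s*$")

def parse_version(text):
    """Return ((major, minor), release); raise ValueError on unknown formats."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised IVE OS version: {text!r}")
    major, minor, release = (int(g) for g in m.groups())
    return (major, minor), release

def is_affected(text):
    """True if the version predates the fixed release for its branch."""
    branch, release = parse_version(text)
    if branch in FIXED:
        return release < FIXED[branch]
    # Assumption: branches older than 7.1 got no fix and count as affected;
    # branches newer than 7.3 count as fixed ("or higher" in the advisory).
    return branch < min(FIXED)

def triage(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown' (unparseable version)."""
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "fixed"
        except ValueError:
            result[host] = "unknown"
    return result

# Constructed sample inventory; host names and versions are made up.
SAMPLE = {
    "vpn-a.example": "7.1r12", "vpn-b.example": "7.2R7",
    "vpn-c.example": "7.3r1.1", "vpn-d.example": "7.0r9",
    "vpn-e.example": "7.4r1", "vpn-f.example": "unknown-build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unknown" have a version string the pattern does not recognise and need a manual check rather than being counted as fixed.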

Twitter @pazwant
