{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2011-10-26T09:00:00", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "JVNDB-2011-000071", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000071.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://s-tools1.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2009-01-191&viewMode=view"}, {"name": "JVN#44642341", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN44642341/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2009-5086", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "JVNDB-2011-000071", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000071.html"}, {"name": "http://s-tools1.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2009-01-191&viewMode=view", "refsource": "CONFIRM", "url": "http://s-tools1.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2009-01-191&viewMode=view"}, {"name": "JVN#44642341", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN44642341/index.html"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2009-5086", "datePublished": "2011-09-02T17:00:00", "dateReserved": "2011-09-01T00:00:00", "dateUpdated": "2011-10-26T09:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:juniper:idp:4.1:*:*:*:*:*:*:*", "matchCriteriaId": "4FA25F65-DAF8-421D-A868-E3C2A3D63592", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:idp:4.1r1:*:*:*:*:*:*:*", "matchCriteriaId": "543FDA58-FACD-4978-966D-68523447B5CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:idp:4.1r2:*:*:*:*:*:*:*", "matchCriteriaId": "49AAB069-A4AE-4F48-85D8-1A5C92CD1044", "vulnerable": true}, {"criteria": "cpe:2.3:a:juniper:idp:4.2:*:*:*:*:*:*:*", "matchCriteriaId": "8B5E8FFE-F5CC-4A66-81D7-279F7D69631A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en Appliance Configuration Manager (ACM) en Juniper IDP v4.1 antes de v4.1r3 y v4.2 antes de v4.2r1, permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."}], "id": "CVE-2009-5086", "lastModified": "2011-10-26T02:45:00.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2011-09-02T17:55:00.943", "references": [{"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN44642341/index.html"}, {"source": "vultures@jpcert.or.jp", "url": "http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000071.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "http://s-tools1.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2009-01-191&viewMode=view"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}