Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N
Vendors Products
Juniper
  • Mag6611 Gateway
  • Secure Access 4500
  • Secure Access 2500
  • Fips Secure Access 6500
  • Secure Access 6500
  • Secure Access 2000
  • Mag4610 Gateway
  • Fips Secure Access 4000
  • Ive Os
  • Mag2600 Gateway
  • Secure Access Virtual Appliance
  • Secure Access 700
  • Mag6610 Gateway
  • Fips Secure Access 6000
  • Fips Secure Access 4500
  • Secure Access 6000
  • Secure Access 4000

Configuration 1 [-]

AND
OR cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*
cpe:2.3:o:juniper:ive_os:7.2:*:*:*:*:*:*:*
cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*
OR cpe:2.3:a:juniper:secure_access_virtual_appliance:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:fips_secure_access_4000:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:fips_secure_access_4500:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:fips_secure_access_6000:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:fips_secure_access_6500:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mag2600_gateway:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mag4610_gateway:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mag6610_gateway:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:mag6611_gateway:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:secure_access_2000:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:secure_access_2500:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:secure_access_4000:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:secure_access_4500:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:secure_access_6000:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:secure_access_6500:-:*:*:*:*:*:*:*
cpe:2.3:h:juniper:secure_access_700:-:*:*:*:*:*:*:*
References
Link Resource
http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html
http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view Vendor Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:15:31

Updated: 2022-10-03T16:15:31

Reserved: 2022-10-03T00:00:00

Link: CVE-2012-5460

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2013-08-01T13:32:35.103

Modified: 2013-08-01T13:32:35.103

Link: CVE-2012-5460

JSON object: View

cve-icon Redhat Information

No data.

CWE