{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-12-11T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2013-12-31T15:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10602"}, {"name": "100862", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/100862"}, {"name": "1029489", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1029489"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-6956", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10602", "refsource": "CONFIRM", "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10602"}, {"name": "100862", "refsource": "OSVDB", "url": "http://osvdb.org/100862"}, {"name": "1029489", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1029489"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-6956", "datePublished": "2013-12-13T18:00:00", "dateReserved": "2013-12-04T00:00:00", "dateUpdated": "2013-12-31T15:57:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "D4313025-3FC4-42DB-B18E-57EC5C566B74", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "8ECD0F7E-715A-4C52-ACF1-EE7A7042B991", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:ive_os:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "B7F2DEC8-F096-4519-B194-2D1B0FFB8D0D", "vulnerable": true}, {"criteria": "cpe:2.3:o:juniper:ive_os:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "536AF492-C6FF-4C5F-A5DF-DA14DFE8A41F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4 before 7.4r6, and 8.0 before 8.0r1, when web rewrite is enabled, allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."}, {"lang": "es", "value": "Cross-site scripting (XSS) en la caracteristica de reescritura en la web del Servicio de Acceso Seguro de Juniper Junos Secure Access Service (tambi\u00e9n conocido como SSL VPN) con IVE OS anterior a 7.1r17, 7.3 anterior 7.3r8, 7.4r6 anterior a 7.4y 8.0 anterior a 8.0r1. Cuando la reescritura web est\u00e1 habilitada, permite a los usuarios remotos autenticados inyectar secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."}], "id": "CVE-2013-6956", "lastModified": "2014-01-04T04:51:00.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2013-12-13T18:07:54.313", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/100862"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id/1029489"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10602"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}