Bugtraq mailing list archives

Juniper Secure Access XSS Vulnerability
From: Anil Pazvant <pazwant () gmail com>
Date: Mon, 22 Jul 2013 19:30:29 +0200


Juniper Secure Access XSS Vulnerability



Juniper Secure Access software has a reflected XSS vulnerability.

CVE number: CVE-2012-5460
Impact: Low

Vendor homepage:

Vendor notified: 06/06/2012

Vendor fixed: 12/12/2012

Affected Products
Juniper SA (IVE OS) versions prior to 7.1r13, 7.2r7, 7.3r2.

To exploit this vulnerability, the client must be authenticated to
the SSLVPN service. The vulnerable parameter exists on the help
page of the IVE user web interface.

Affected parameter: WWHSearchWordsText

Execution of arbitrary script code in a user's browser during an
authenticated session.

Upgrade to 7.1r13, 7.2r7, 7.3r2, or higher.

Twitter @pazwant
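
The following is an added example, not part of the original advisory: a small triage script that checks an inventory of IVE OS version strings against the fixed releases named above (7.1r13, 7.2r7, 7.3r2). The hostnames and versions in the sample inventory are constructed, and the handling of branches outside 7.1 to 7.3 is an assumption noted in the code.

```python
import re

# Fixed releases per branch, taken from the advisory: 7.1r13, 7.2r7, 7.3r2.
FIXED = {(7, 1): 13, (7, 2): 7, (7, 3): 2}

# Version strings in the advisory's "7.1r13" form; "R" and a trailing
# ".N" build suffix are tolerated (assumption about inventory data).
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)[rR](\d+)")

def parse_version(text):
    """Return ((major, minor), release), or None if the string does not parse."""
    m = _VERSION.match(text)
    if not m:
        return None
    major, minor, release = (int(g) for g in m.groups())
    return (major, minor), release

def is_affected(text):
    """True or False for a parsed version, None when it cannot be parsed."""
    parsed = parse_version(text)
    if parsed is None:
        return None
    branch, release = parsed
    if branch in FIXED:
        return release < FIXED[branch]
    # Assumption: branches older than 7.1 count as "prior to" the fix,
    # branches newer than 7.3 are treated as already containing it.
    return branch < min(FIXED)

def triage(inventory):
    """Map host -> 'affected' | 'fixed' | 'unknown' for a {host: version} dict."""
    labels = {True: "affected", False: "fixed", None: "unknown"}
    return {host: labels[is_affected(v)] for host, v in inventory.items()}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "vpn-a.example": "7.1R12",
    "vpn-b.example": "7.1r13",
    "vpn-c.example": "7.2R6.1",
    "vpn-d.example": "7.3r2",
    "vpn-e.example": "7.0R9",
    "vpn-f.example": "7.4R1",
    "vpn-g.example": "unknown build",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host:15} {SAMPLE[host]:15} {status}")
```

Hosts reported as "unknown" need a manual version check rather than being assumed fixed.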
