CVE-2014-2291

Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before 8.0r1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 43%
VendorProductVersion
juniperive_os
7.1
juniperive_os
7.3
juniperive_os
7.4
juniperive_os
8.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/57375
https://exchange.xforce.ibmcloud.com/vulnerabilities/91770
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10617
http://secunia.com/advisories/57375
https://exchange.xforce.ibmcloud.com/vulnerabilities/91770
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10617