CVE-2018-0047

A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
juniperCNA
8 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 54%
VendorProductVersion
juniperjunos_space
13.3:r1
juniperjunos_space
13.3:r2
juniperjunos_space
14.1:r1
juniperjunos_space
14.1:r2
juniperjunos_space
14.1:r3
juniperjunos_space
15.1:r1
juniperjunos_space
15.1:r2
juniperjunos_space
15.1:r3
juniperjunos_space
15.1:r4
juniperjunos_space
15.2:r1
juniperjunos_space
15.2:r2
juniperjunos_space
16.1:r1
juniperjunos_space
16.1:r2
juniperjunos_space
16.1:r3
juniperjunos_space
17.1:r1
juniperjunos_space
17.2:r1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securitytracker.com/id/1041863
https://kb.juniper.net/JSA10881
http://www.securitytracker.com/id/1041863
https://kb.juniper.net/JSA10881