CVE-2021-31373
19.10.2021, 19:15
A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions. This issue affects: Juniper Networks Junos OS on SRX Series: 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3.
| Vendor | Product | Version |
|---|---|---|
| juniper | junos | 18.2 |
| juniper | junos | 18.2:r1 |
| juniper | junos | 18.2:r1-s2 |
| juniper | junos | 18.2:r1-s3 |
| juniper | junos | 18.2:r1-s4 |
| juniper | junos | 18.2:r1-s5 |
| juniper | junos | 18.2:r2 |
| juniper | junos | 18.2:r2-s1 |
| juniper | junos | 18.2:r2-s2 |
| juniper | junos | 18.2:r2-s3 |
| juniper | junos | 18.2:r2-s4 |
| juniper | junos | 18.2:r2-s5 |
| juniper | junos | 18.2:r2-s6 |
| juniper | junos | 18.2:r2-s7 |
| juniper | junos | 18.2:r2-s8 |
| juniper | junos | 18.2:r3 |
| juniper | junos | 18.2:r3-s1 |
| juniper | junos | 18.2:r3-s2 |
| juniper | junos | 18.2:r3-s3 |
| juniper | junos | 18.2:r3-s4 |
| juniper | junos | 18.2:r3-s5 |
| juniper | junos | 18.2:r3-s6 |
| juniper | junos | 18.2:r3-s7 |
| juniper | junos | 18.3 |
| juniper | junos | 18.3:r1 |
| juniper | junos | 18.3:r1-s1 |
| juniper | junos | 18.3:r1-s2 |
| juniper | junos | 18.3:r1-s3 |
| juniper | junos | 18.3:r1-s4 |
| juniper | junos | 18.3:r1-s5 |
| juniper | junos | 18.3:r1-s6 |
| juniper | junos | 18.3:r2 |
| juniper | junos | 18.3:r2-s1 |
| juniper | junos | 18.3:r2-s2 |
| juniper | junos | 18.3:r2-s3 |
| juniper | junos | 18.3:r2-s4 |
| juniper | junos | 18.3:r3 |
| juniper | junos | 18.3:r3-s1 |
| juniper | junos | 18.3:r3-s2 |
| juniper | junos | 18.3:r3-s3 |
| juniper | junos | 18.3:r3-s4 |
| juniper | junos | 18.4 |
| juniper | junos | 18.4:r1 |
| juniper | junos | 18.4:r1-s1 |
| juniper | junos | 18.4:r1-s2 |
| juniper | junos | 18.4:r1-s3 |
| juniper | junos | 18.4:r1-s4 |
| juniper | junos | 18.4:r1-s5 |
| juniper | junos | 18.4:r1-s6 |
| juniper | junos | 18.4:r1-s7 |
| juniper | junos | 18.4:r2 |
| juniper | junos | 18.4:r2-s1 |
| juniper | junos | 18.4:r2-s2 |
| juniper | junos | 18.4:r2-s3 |
| juniper | junos | 18.4:r2-s4 |
| juniper | junos | 18.4:r2-s5 |
| juniper | junos | 18.4:r2-s6 |
| juniper | junos | 18.4:r2-s7 |
| juniper | junos | 18.4:r2-s8 |
| juniper | junos | 18.4:r3 |
| juniper | junos | 18.4:r3-s1 |
| juniper | junos | 18.4:r3-s2 |
| juniper | junos | 18.4:r3-s3 |
| juniper | junos | 18.4:r3-s4 |
| juniper | junos | 18.4:r3-s5 |
| juniper | junos | 18.4:r3-s6 |
| juniper | junos | 18.4:r3-s7 |
| juniper | junos | 19.1 |
| juniper | junos | 19.1:r1 |
| juniper | junos | 19.1:r1-s1 |
| juniper | junos | 19.1:r1-s2 |
| juniper | junos | 19.1:r1-s3 |
| juniper | junos | 19.1:r1-s4 |
| juniper | junos | 19.1:r1-s5 |
| juniper | junos | 19.1:r1-s6 |
| juniper | junos | 19.1:r2 |
| juniper | junos | 19.1:r2-s1 |
| juniper | junos | 19.1:r2-s2 |
| juniper | junos | 19.1:r2-s3 |
| juniper | junos | 19.1:r3 |
| juniper | junos | 19.1:r3-s1 |
| juniper | junos | 19.1:r3-s2 |
| juniper | junos | 19.1:r3-s3 |
| juniper | junos | 19.1:r3-s4 |
| juniper | junos | 19.2 |
| juniper | junos | 19.2:r1 |
| juniper | junos | 19.2:r1-s1 |
| juniper | junos | 19.2:r1-s2 |
| juniper | junos | 19.2:r1-s3 |
| juniper | junos | 19.2:r1-s4 |
| juniper | junos | 19.2:r1-s5 |
| juniper | junos | 19.2:r1-s6 |
| juniper | junos | 19.2:r2 |
| juniper | junos | 19.2:r2-s1 |
| juniper | junos | 19.2:r3 |
| juniper | junos | 19.2:r3-s1 |
| juniper | junos | 19.2:r3-s2 |
| juniper | junos | 19.3 |
| juniper | junos | 19.3:r1 |
| juniper | junos | 19.3:r1-s1 |
| juniper | junos | 19.3:r2 |
| juniper | junos | 19.3:r2-s1 |
| juniper | junos | 19.3:r2-s2 |
| juniper | junos | 19.3:r2-s3 |
| juniper | junos | 19.3:r2-s4 |
| juniper | junos | 19.3:r2-s5 |
| juniper | junos | 19.3:r3 |
| juniper | junos | 19.3:r3-s1 |
| juniper | junos | 19.3:r3-s2 |
| juniper | junos | 19.4:r1 |
| juniper | junos | 19.4:r1-s1 |
| juniper | junos | 19.4:r1-s2 |
| juniper | junos | 19.4:r1-s3 |
| juniper | junos | 19.4:r2 |
| juniper | junos | 19.4:r2-s1 |
| juniper | junos | 19.4:r2-s2 |
| juniper | junos | 19.4:r2-s3 |
| juniper | junos | 19.4:r3 |
| juniper | junos | 19.4:r3-s1 |
| juniper | junos | 19.4:r3-s2 |
| juniper | junos | 20.1:r1 |
| juniper | junos | 20.1:r1-s1 |
| juniper | junos | 20.1:r1-s2 |
| juniper | junos | 20.1:r1-s3 |
| juniper | junos | 20.1:r1-s4 |
| juniper | junos | 20.1:r2 |
| juniper | junos | 20.1:r2-s1 |
| juniper | junos | 20.2:r1 |
| juniper | junos | 20.2:r1-s1 |
| juniper | junos | 20.2:r1-s2 |
| juniper | junos | 20.2:r1-s3 |
| juniper | junos | 20.2:r2 |
| juniper | junos | 20.2:r2-s1 |
| juniper | junos | 20.2:r2-s2 |
| juniper | junos | 20.2:r2-s3 |
| juniper | junos | 20.2:r3 |
| juniper | junos | 20.3:r1 |
| juniper | junos | 20.3:r1-s1 |
| juniper | junos | 20.3:r2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.