CVE-2025-59974

EUVD-2025-33392
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into the application, which are then stored and executed in the context of other users' browsers when they access affected pages.This issue affects Juniper Security Director: 

  *  All versions before 24.1R4.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.4 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
juniperCNA
8.4 HIGH
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
Affected Products (NVD)
VendorProductVersion
juniperspace_security_director
𝑥
< 24.1
juniperspace_security_director
24.1:r1
juniperspace_security_director
24.1:r2
juniperspace_security_director
24.1:r3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://supportportal.juniper.net/JSA103139