CVE-2025-59978

EUVD-2025-33389
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's administrative permissions.
This issue affects all versions of Junos Space before 24.1R4.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
juniperCNA
9 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 30%
Affected Products (NVD)
VendorProductVersion
juniperjunos_space
𝑥
< 24.1
juniperjunos_space
24.1:r1
juniperjunos_space
24.1:r2
juniperjunos_space
24.1:r3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://supportportal.juniper.net/JSA103140