CVE-2026-21904

EUVD-2026-21077
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the 

list filter field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.

This issue affects all versions of Junos Space before 24.1R5 Patch V3.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 11%
Affected Products (NVD)
VendorProductVersion
juniperjunos_space
1.0
juniperjunos_space
1.1
juniperjunos_space
1.2
juniperjunos_space
1.3
juniperjunos_space
1.4
juniperjunos_space
2.0
juniperjunos_space
11.1
juniperjunos_space
11.2
juniperjunos_space
11.3
juniperjunos_space
11.4
juniperjunos_space
12.1
juniperjunos_space
12.2
juniperjunos_space
12.3
juniperjunos_space
13.1
juniperjunos_space
13.1:r1.8
juniperjunos_space
13.3:r1
juniperjunos_space
13.3:r1.1
juniperjunos_space
13.3:r1.2
juniperjunos_space
13.3:r1.3
juniperjunos_space
13.3:r1.4
juniperjunos_space
13.3:r1.5
juniperjunos_space
13.3:r1.6
juniperjunos_space
13.3:r1.7
juniperjunos_space
13.3:r1.8
juniperjunos_space
13.3:r1.9
juniperjunos_space
13.3:r2
juniperjunos_space
13.3:r3
juniperjunos_space
13.3:r4
juniperjunos_space
14.1
juniperjunos_space
14.1:r1
juniperjunos_space
14.1:r2
juniperjunos_space
14.1:r3
juniperjunos_space
15.1
juniperjunos_space
15.1:r2
juniperjunos_space
15.1:r3
juniperjunos_space
15.1:r4
juniperjunos_space
15.2
juniperjunos_space
15.2:r2
juniperjunos_space
16.1
juniperjunos_space
16.1
juniperjunos_space
16.1:r1
juniperjunos_space
16.1:r2
juniperjunos_space
16.1:r3
juniperjunos_space
16.1r3:r3
juniperjunos_space
17.1
juniperjunos_space
17.1:r1
juniperjunos_space
17.2
juniperjunos_space
17.2:r1.4
juniperjunos_space
18.1
juniperjunos_space
18.1r1:r1
juniperjunos_space
18.2
juniperjunos_space
18.3
juniperjunos_space
18.4
juniperjunos_space
19.1
juniperjunos_space
20.3:r1
juniperjunos_space
21.1:r1
juniperjunos_space
21.2:r1
juniperjunos_space
21.3:r1
juniperjunos_space
22.1:r1
juniperjunos_space
22.2:r1
juniperjunos_space
22.3:r1
juniperjunos_space
23.1:r1
juniperjunos_space
24.1:r1
juniperjunos_space
24.1:r2
juniperjunos_space
24.1:r3
juniperjunos_space
24.1:r4
juniperjunos_space
24.1:r5
𝑥
= Vulnerable software versions