CVE-2012-5460: XSS
First published: Wed Jul 31 2013(Updated: )
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper IVE OS | =7.1 | |
| Juniper IVE OS | =7.2 | |
| Juniper IVE OS | =7.3 | |
| Juniper Secure Access Virtual Appliance | ||
| Juniper FIPS Secure Access 4000 | ||
| Juniper FIPS Secure Access 4500 | ||
| Juniper Secure Access 6000 | ||
| Juniper FIPS Secure Access 6500 | ||
| Juniper MAG2600 Gateway | ||
| Juniper MAG4610 Gateway | ||
| Juniper MAG6610 Gateway | ||
| Juniper MAG6611 Gateway | ||
| Juniper Secure Access 2000 | ||
| Juniper Secure Access 2500 | ||
| Juniper Secure Access 4000 | ||
| Juniper Secure Access 4500 | ||
| Juniper Secure Access 6000 | ||
| Juniper Secure Access 6500 | ||
| Juniper Secure Access 700 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-5460?
CVE-2012-5460 is classified as a medium severity vulnerability due to its XSS nature, which can lead to the execution of malicious scripts.
How do I fix CVE-2012-5460?
To fix CVE-2012-5460, upgrade to Juniper Secure Access IVE OS version 7.1r13, 7.2r7, or 7.3r2 or higher.
What type of vulnerability is CVE-2012-5460?
CVE-2012-5460 is a cross-site scripting (XSS) vulnerability affecting Juniper Secure Access implementations.
Which Juniper products are affected by CVE-2012-5460?
CVE-2012-5460 affects Juniper Secure Access products running IVE OS versions prior to 7.1r13, 7.2r7, and 7.3r2.
What could exploitation of CVE-2012-5460 lead to?
Exploitation of CVE-2012-5460 could allow remote attackers to inject arbitrary web scripts or HTML into the affected application.
- agent/references
- agent/type
- agent/softwarecombine
- agent/severity
- agent/weakness
- agent/description
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/juniper
- canonical/juniper ive os
- version/juniper ive os/7.1
- version/juniper ive os/7.2
- version/juniper ive os/7.3
- canonical/juniper secure access virtual appliance
- canonical/juniper fips secure access 4000
- canonical/juniper fips secure access 4500
- canonical/juniper secure access 6000
- canonical/juniper fips secure access 6500
- canonical/juniper mag2600 gateway
- canonical/juniper mag4610 gateway
- canonical/juniper mag6610 gateway
- canonical/juniper mag6611 gateway
- canonical/juniper secure access 2000
- canonical/juniper secure access 2500
- canonical/juniper secure access 4000
- canonical/juniper secure access 4500
- canonical/juniper secure access 6500
- canonical/juniper secure access 700