First published: Wed Oct 10 2018
A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user into performing administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26.
Credit: sirt@juniper.net
Affected Software | Affected Version | How to fix |
---|---|---|
Juniper NetScreen ScreenOS | =6.3.0 | |
Juniper NetScreen ScreenOS | =6.3.0r1 | |
Juniper NetScreen ScreenOS | =6.3.0r2 | |
Juniper NetScreen ScreenOS | =6.3.0r3 | |
Juniper NetScreen ScreenOS | =6.3.0r4 | |
Juniper NetScreen ScreenOS | =6.3.0r5 | |
Juniper NetScreen ScreenOS | =6.3.0r6 | |
Juniper NetScreen ScreenOS | =6.3.0r7 | |
Juniper NetScreen ScreenOS | =6.3.0r8 | |
Juniper NetScreen ScreenOS | =6.3.0r9 | |
Juniper NetScreen ScreenOS | =6.3.0r10 | |
Juniper NetScreen ScreenOS | =6.3.0r11 | |
Juniper NetScreen ScreenOS | =6.3.0r12 | |
Juniper NetScreen ScreenOS | =6.3.0r13 | |
Juniper NetScreen ScreenOS | =6.3.0r14 | |
Juniper NetScreen ScreenOS | =6.3.0r15 | |
Juniper NetScreen ScreenOS | =6.3.0r16 | |
Juniper NetScreen ScreenOS | =6.3.0r17 | |
Juniper NetScreen ScreenOS | =6.3.0r18 | |
Juniper NetScreen ScreenOS | =6.3.0r19 | |
Juniper NetScreen ScreenOS | =6.3.0r21 | |
Juniper NetScreen ScreenOS | =6.3.0r22 | |
Juniper NetScreen ScreenOS | =6.3.0r23 | |
Juniper NetScreen ScreenOS | =6.3.0r23b1 | |
Juniper NetScreen ScreenOS | =6.3.0r24 | |
Juniper NetScreen ScreenOS | =6.3.0r24b1 | |
Juniper NetScreen ScreenOS | =6.3.0r25 | |
The following software releases have been updated to resolve this specific issue: ScreenOS 6.3.0r26 and all subsequent releases. Review and clear any previously stored cross-site scripting entries.