Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program.
References
Link | Resource |
---|---|
http://secunia.com/advisories/36829 | Vendor Advisory |
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09 | Exploit |
http://www.securityfocus.com/bid/36537 | Exploit |
http://www.vupen.com/english/advisories/2009/2784 | Vendor Advisory |
http://secunia.com/advisories/36829 | Vendor Advisory |
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09 | Exploit |
http://www.securityfocus.com/bid/36537 | Exploit |
http://www.vupen.com/english/advisories/2009/2784 | Vendor Advisory |
Configurations
History
21 Nov 2024, 01:07
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/36829 - Vendor Advisory | |
References | () http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-09 - Exploit | |
References | () http://www.securityfocus.com/bid/36537 - Exploit | |
References | () http://www.vupen.com/english/advisories/2009/2784 - Vendor Advisory |
Information
Published : 2009-09-30 15:30
Updated : 2024-11-21 01:07
NVD link : CVE-2009-3486
Mitre link : CVE-2009-3486
CVE.ORG link : CVE-2009-3486
JSON object : View
Products Affected
juniper
- junos
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')