Vulnerability Description
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20, 12.1X46 before 12.1X46-D10, and 12.2 before 12.2R1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to index.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Juniper | Junos | 10.0 |
Related Weaknesses (CWE)
References
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10521Vendor Advisory
- http://www.securityfocus.com/bid/66767
- http://www.securitytracker.com/id/1030058
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10521Vendor Advisory
- http://www.securityfocus.com/bid/66767
- http://www.securitytracker.com/id/1030058
FAQ
What is CVE-2014-2712?
CVE-2014-2712 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 10.0S25, 10.4 before 10.4R10, 11.4 before 11.4R11, 12.1 before 12.1R9, 12.1X44 before 12.1X44-D30, 12.1X45 before 12.1X45-D20,...
How severe is CVE-2014-2712?
CVE-2014-2712 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2712?
Check the references section above for vendor advisories and patch information. Affected products include: Juniper Junos.