Juniper Secure Access software suffers from a reflective cross site scripting vulnerability.
1e91a40814ce854dfbc08417fc774b84fa293848396a5db20ca9b655cc2fc7d0-------------------------------------------------------------------------------
| Juniper Secure Access XSS Vulnerability|
--------------------------------------------------------------------------------
Summary
===============
Juniper Secure Access software has reflected XSS vulnerability
CVE number: CVE-2012-5460
PSN-2013-03-874
Impact: Low
Vendor homepage:
http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view
Vendor notified: 06/06/2012
Vendor fixed: 12/12/2012
Affected Products
=================
Juniper SA (IVE OS) to versions prior to 7.1r13, 7.2r7, 7.3r2 .
Details
==================
In order to exploit this vulnerability , the client should
authenticate to SSLVPN service.The vulnerable parameter exists on help
page of IVE user web interface.
Effected parameter: WWHSearchWordsText
Impact
==================
Execution of arbitrary script code in a user's browser during an
authenticated session.
Solution
==================
Upgrade to 7.1r13, 7.2r7, 7.3r2, or higher.
Twitter @pazwant
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed