CVE-2018-0047 HIGH

CVE-2018-0047: Junos Space Security Director: XSS vulnerability in web administration

Vendor Juniper Networks
Product Junos Space Security Director
Published October 10, 2018
Last update September 16, 2024

CVSS base score

8.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.

Key dates

02Disclosure timeline

October 10, 2018 CVE published
September 16, 2024 Record updated