CVE-2018-0059 MEDIUM

CVE-2018-0059: ScreenOS: Stored Cross-Site Scripting (XSS) vulnerability

Vendor Juniper Networks
Product ScreenOS
Published October 10, 2018
Last update September 16, 2024

CVSS base score

5.4/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26.

Key dates

02Disclosure timeline

October 10, 2018 CVE published
September 16, 2024 Record updated