CVE-2022-22242 MEDIUM

CVE-2022-22242: Junos OS: Cross-site Scripting (XSS) vulnerability in J-Web

Vendor Juniper Networks
Product Junos OS
Weakness CWE-79 · XSS
Published October 18, 2022
Last update May 9, 2025
View on NVD All CVEs

CVSS base score

6.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.

Key dates

02Disclosure timeline

October 18, 2022 CVE published
May 9, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-67555 WordPress UseStrict's Calendly Embedder plugin <= 1.1.7.2 - Cross Site Scripting (XSS) vulnerability CVE-2024-5266 Download Manager <= 3.2.92 - Authenticated (Author+) Stored Cross-Site Scripting via Multiple Shortcodes CVE-2026-42455 LinkWarden: Stored XSS via Client-Side Archive Upload (Unsanitized HTML served from same origin) CVE-2024-5191 Branda – White Label WordPress, Custom Login Page Customizer <= 3.4.17 - Authenticated (Author+) Stored Cross-Site Scripting via SVG Upload CVE-2023-47184 WordPress Admin Bar & Dashboard Access Control Plugin <= 1.2.8 is vulnerable to Cross Site Scripting (XSS)