CVE-2014-2711

EPSS 0.3%
Published 14.04.2014 15:09:06
Last modified 12.04.2025 10:46:40
Source cve@mitre.org
Teams watchlist Login
Open Login

Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, and 13.3 before 13.3R1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected products Warnungen 0 Metrics 2 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Juniper ≫ Junos Version11.4

Juniper ≫ Junos Version11.4x27

Juniper ≫ Junos Version12.1

Juniper ≫ Junos Version12.1x44

Juniper ≫ Junos Version12.1x45

Juniper ≫ Junos Version12.1x46

Juniper ≫ Junos Version12.2

Juniper ≫ Junos Version12.3

Juniper ≫ Junos Version13.1

Juniper ≫ Junos Version13.2

Juniper ≫ Junos Version13.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.3%	0.5

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:N/I:P/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10619

Vendor Advisory

http://www.securityfocus.com/bid/66770

http://www.securitytracker.com/id/1030061

https://nvd.nist.gov/vuln/detail/CVE-2014-2711

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-2711

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-2711

EUVD