CVE-2025-59974

EPSS 0.05%
Veröffentlicht 09.10.2025 15:57:30
Zuletzt bearbeitet 23.01.2026 19:59:02
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Junos Space Security Director allows an attacker to inject malicious scripts into the application, which are then stored and executed in the context of other users' browsers when they access affected pages.This issue affects Juniper Security Director: 

  *  All versions before 24.1R4.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Space Security Director Version < 24.1

Juniper ≫ Space Security Director Version24.1 Updater1

Juniper ≫ Space Security Director Version24.1 Updater2

Juniper ≫ Space Security Director Version24.1 Updater3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.169

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	9.3	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:U/V:C/RE:M/U:Amber
sirt@juniper.net	8.4	1.7	6	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://supportportal.juniper.net/JSA103139

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-59974

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59974

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59974

EUVD