CVE-2025-59991

EPSS 0.04%
Veröffentlicht 09.10.2025 16:12:18
Zuletzt bearbeitet 23.01.2026 20:00:22
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

Junos Space: Device Management pages are vulnerable to reflected cross-site script injection

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Management pages that, when visited by another user, enable the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

NVD 4 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Space Version < 24.1

Juniper ≫ Junos Space Version24.1 Updater1

Juniper ≫ Junos Space Version24.1 Updater2

Juniper ≫ Junos Space Version24.1 Updater3

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.103

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
sirt@juniper.net	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://supportportal.juniper.net/JSA103140

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-59991

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59991

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59991

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-59991