CVE-2025-59998

EPSS 0.05%
Veröffentlicht 09.10.2025 16:15:32
Zuletzt bearbeitet 23.01.2026 20:00:38
Quelle sirt@juniper.net
CVE-Watchlists
Login
Unerledigt
Login

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Archive Log screen that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Juniper ≫ Junos Space Version < 24.1

Juniper ≫ Junos Space Version24.1 Updater1

Juniper ≫ Junos Space Version24.1 Updater2

Juniper ≫ Junos Space Version24.1 Updater3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.154

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
sirt@juniper.net	5.1	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
sirt@juniper.net	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://supportportal.juniper.net/JSA103140

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-59998

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-59998

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-59998

EUVD