6.1

CVE-2026-21904

Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection

An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the 

list filter field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.

This issue affects all versions of Junos Space before 24.1R5 Patch V3.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
JuniperJunos Space Version1.0
JuniperJunos Space Version1.1
JuniperJunos Space Version1.2
JuniperJunos Space Version1.3
JuniperJunos Space Version1.4
JuniperJunos Space Version2.0
JuniperJunos Space Version11.1
JuniperJunos Space Version11.2
JuniperJunos Space Version11.3
JuniperJunos Space Version11.4
JuniperJunos Space Version12.1
JuniperJunos Space Version12.2
JuniperJunos Space Version12.3
JuniperJunos Space Version13.1 Update-
JuniperJunos Space Version13.1 Updater1.8
JuniperJunos Space Version13.3 Updater1
JuniperJunos Space Version13.3 Updater1.1
JuniperJunos Space Version13.3 Updater1.2
JuniperJunos Space Version13.3 Updater1.3
JuniperJunos Space Version13.3 Updater1.4
JuniperJunos Space Version13.3 Updater1.5
JuniperJunos Space Version13.3 Updater1.6
JuniperJunos Space Version13.3 Updater1.7
JuniperJunos Space Version13.3 Updater1.8
JuniperJunos Space Version13.3 Updater1.9
JuniperJunos Space Version13.3 Updater2
JuniperJunos Space Version13.3 Updater3
JuniperJunos Space Version13.3 Updater4
JuniperJunos Space Version14.1 Update-
JuniperJunos Space Version14.1 Updater1
JuniperJunos Space Version14.1 Updater2
JuniperJunos Space Version14.1 Updater3
JuniperJunos Space Version15.1 Update-
JuniperJunos Space Version15.1 Updater2
JuniperJunos Space Version15.1 Updater3
JuniperJunos Space Version15.1 Updater4
JuniperJunos Space Version15.2 Update-
JuniperJunos Space Version15.2 Updater2
JuniperJunos Space Version16.1
JuniperJunos Space Version16.1 Update-
JuniperJunos Space Version16.1 Updater1
JuniperJunos Space Version16.1 Updater2
JuniperJunos Space Version16.1 Updater3
JuniperJunos Space Version16.1r3
JuniperJunos Space Version17.1 Update-
JuniperJunos Space Version17.1 Updater1
JuniperJunos Space Version17.2 Update-
JuniperJunos Space Version17.2 Updater1.4
JuniperJunos Space Version18.1 Update-
JuniperJunos Space Version18.1r1
JuniperJunos Space Version18.2 Update-
JuniperJunos Space Version18.3 Update-
JuniperJunos Space Version18.4 Update-
JuniperJunos Space Version19.1 Update-
JuniperJunos Space Version20.3 Updater1
JuniperJunos Space Version21.1 Updater1
JuniperJunos Space Version21.2 Updater1
JuniperJunos Space Version21.3 Updater1
JuniperJunos Space Version22.1 Updater1
JuniperJunos Space Version22.2 Updater1
JuniperJunos Space Version22.3 Updater1
JuniperJunos Space Version23.1 Updater1
JuniperJunos Space Version24.1 Updater1
JuniperJunos Space Version24.1 Updater2
JuniperJunos Space Version24.1 Updater3
JuniperJunos Space Version24.1 Updater4
JuniperJunos Space Version24.1 Updater5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.21% 0.111
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
sirt@juniper.net 5.1 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
sirt@juniper.net 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.