6.1
CVE-2026-21904
- EPSS 0.21%
- Veröffentlicht 09.04.2026 22:16:24
- Zuletzt bearbeitet 08.07.2026 03:17:14
- Quelle sirt@juniper.net
- CVE-Watchlists
- Unerledigt
Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the
list filter field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R5 Patch V3.Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Juniper ≫ Junos Space Version1.0
Juniper ≫ Junos Space Version1.1
Juniper ≫ Junos Space Version1.2
Juniper ≫ Junos Space Version1.3
Juniper ≫ Junos Space Version1.4
Juniper ≫ Junos Space Version2.0
Juniper ≫ Junos Space Version11.1
Juniper ≫ Junos Space Version11.2
Juniper ≫ Junos Space Version11.3
Juniper ≫ Junos Space Version11.4
Juniper ≫ Junos Space Version12.1
Juniper ≫ Junos Space Version12.2
Juniper ≫ Junos Space Version12.3
Juniper ≫ Junos Space Version13.1 Update-
Juniper ≫ Junos Space Version13.1 Updater1.8
Juniper ≫ Junos Space Version13.3 Updater1
Juniper ≫ Junos Space Version13.3 Updater1.1
Juniper ≫ Junos Space Version13.3 Updater1.2
Juniper ≫ Junos Space Version13.3 Updater1.3
Juniper ≫ Junos Space Version13.3 Updater1.4
Juniper ≫ Junos Space Version13.3 Updater1.5
Juniper ≫ Junos Space Version13.3 Updater1.6
Juniper ≫ Junos Space Version13.3 Updater1.7
Juniper ≫ Junos Space Version13.3 Updater1.8
Juniper ≫ Junos Space Version13.3 Updater1.9
Juniper ≫ Junos Space Version13.3 Updater2
Juniper ≫ Junos Space Version13.3 Updater3
Juniper ≫ Junos Space Version13.3 Updater4
Juniper ≫ Junos Space Version14.1 Update-
Juniper ≫ Junos Space Version14.1 Updater1
Juniper ≫ Junos Space Version14.1 Updater2
Juniper ≫ Junos Space Version14.1 Updater3
Juniper ≫ Junos Space Version15.1 Update-
Juniper ≫ Junos Space Version15.1 Updater2
Juniper ≫ Junos Space Version15.1 Updater3
Juniper ≫ Junos Space Version15.1 Updater4
Juniper ≫ Junos Space Version15.2 Update-
Juniper ≫ Junos Space Version15.2 Updater2
Juniper ≫ Junos Space Version16.1
Juniper ≫ Junos Space Version16.1 Update-
Juniper ≫ Junos Space Version16.1 Updater1
Juniper ≫ Junos Space Version16.1 Updater2
Juniper ≫ Junos Space Version16.1 Updater3
Juniper ≫ Junos Space Version16.1r3
Juniper ≫ Junos Space Version17.1 Update-
Juniper ≫ Junos Space Version17.1 Updater1
Juniper ≫ Junos Space Version17.2 Update-
Juniper ≫ Junos Space Version17.2 Updater1.4
Juniper ≫ Junos Space Version18.1 Update-
Juniper ≫ Junos Space Version18.1r1
Juniper ≫ Junos Space Version18.2 Update-
Juniper ≫ Junos Space Version18.3 Update-
Juniper ≫ Junos Space Version18.4 Update-
Juniper ≫ Junos Space Version19.1 Update-
Juniper ≫ Junos Space Version20.3 Updater1
Juniper ≫ Junos Space Version21.1 Updater1
Juniper ≫ Junos Space Version21.2 Updater1
Juniper ≫ Junos Space Version21.3 Updater1
Juniper ≫ Junos Space Version22.1 Updater1
Juniper ≫ Junos Space Version22.2 Updater1
Juniper ≫ Junos Space Version22.3 Updater1
Juniper ≫ Junos Space Version23.1 Updater1
Juniper ≫ Junos Space Version24.1 Updater1
Juniper ≫ Junos Space Version24.1 Updater2
Juniper ≫ Junos Space Version24.1 Updater3
Juniper ≫ Junos Space Version24.1 Updater4
Juniper ≫ Junos Space Version24.1 Updater5
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.21% | 0.111 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| sirt@juniper.net | 5.1 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| sirt@juniper.net | 6.1 | 2.8 | 2.7 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
|
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.