CVE-2009-3487
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
30/09/2009
Last modified:
09/04/2025
Description
Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid parameter to scripter.php; (5) the revision parameter in a rollback action to the configuration program; the m[] parameter to the (6) monitor, (7) manage, (8) events, (9) configuration, or (10) alarms program; (11) the m[] parameter to the default URI; (12) the m[] parameter in a browse action to the default URI; (13) the wizard-next parameter in an https action to the configuration program; or the (14) Contact Information, (15) System Description, (16) Local Engine ID, (17) System Location, or (18) System Name Override SNMP parameter, related to the configuration program.
Impact
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:juniper:junos:8.5:r1.14:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://secunia.com/advisories/36829
- http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-10
- http://www.securityfocus.com/bid/36537
- http://www.vupen.com/english/advisories/2009/2784
- http://secunia.com/advisories/36829
- http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-10
- http://www.securityfocus.com/bid/36537
- http://www.vupen.com/english/advisories/2009/2784