CVE-2018-0059
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
10/10/2018
Last modified:
09/10/2019
Description
A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26.
Impact
Base Score 3.x
5.40
Severity 3.x
MEDIUM
Base Score 2.0
3.50
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0r1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0r2:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0r3:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0r4:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0r5:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0r6:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0r7:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0r8:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0r9:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0r10:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0r11:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0r12:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0r13:*:*:*:*:*:*:* | ||
| cpe:2.3:o:juniper:netscreen_screenos:6.3.0r14:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page