CVE-2024-21620

An Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target&amp;#39;s permissions, including an administrator.<br /> <br /> A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives.<br /> <br /> This issue affects Juniper Networks Junos OS on SRX Series and EX Series:<br /> * All versions earlier than 20.4R3-S10;<br /> * 21.2 versions earlier than 21.2R3-S8;<br /> * 21.4 versions earlier than 21.4R3-S6;<br /> * 22.1 versions earlier than 22.1R3-S5;<br /> * 22.2 versions earlier than 22.2R3-S3;<br /> * 22.3 versions earlier than 22.3R3-S2;<br /> * 22.4 versions earlier than 22.4R3-S1;<br /> * 23.2 versions earlier than 23.2R2;<br /> * 23.4 versions earlier than 23.4R2.<br /> <br /> <br />