Juniper Junos J-Web Administrator Logs XSS (PSN-2011-10-392)

This script is Copyright (C) 2011-2015 Tenable Network Security, Inc.

Synopsis :

The remote device has a cross-site scripting vulnerability.

Description :

According to its self-reported version number, the J-Web component of
the remote Juniper device has a persistent cross-site scripting
vulnerability. During the authentication process, user-controlled
input is added to the administrator logs. When an administrator
reviews the logs, that user-controlled input is displayed without
being sanitized, which could result in a cross-site scripting attack.

Solution :

Apply the relevant Junos upgrade referenced in Juniper advisory

Risk factor :

Medium / CVSS Base Score : 5.0

Family: Junos Local Security Checks

Nessus Plugin ID: 56771