Juniper Junos J-Web Administrator Logs XSS (PSN-2011-10-392)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote device has a cross-site scripting vulnerability.

Description :

According to its self-reported version number, the J-Web component of
the remote Juniper device has a persistent cross-site scripting
vulnerability. During the authentication process, user-controlled
input is added to the administrator logs. When an administrator
reviews the logs, that user-controlled input is displayed without
being sanitized, which could result in a cross-site scripting attack.

See also :

http://www.nessus.org/u?a1015579

Solution :

Apply the relevant Junos upgrade referenced in Juniper advisory
PSN-2011-10-392.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: Junos Local Security Checks

Nessus Plugin ID: 56771

Bugtraq ID:

CVE ID: