SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version number, the remote Juniper Junos device is affected by a cross-site scripting (XSS) vulnerability in J-Web due to insufficient XSS protection. An unauthenticated, remote attacker can exploit this, via injecting web script or HTML to hijack the target user's J-Web session and perform administrative actions on the on the Junos device as the targeted user.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionApply the relevant Junos software release or workaround referenced in Juniper advisory JSA10986.