Detections
Analytics

Juniper Junos OS Vulnerability (JSA11238)

high Nessus Plugin ID 161775

Language:

Synopsis

The remote device is missing a vendor-supplied security patch.

Description

A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Apply the relevant Junos software release referenced in Juniper advisory JSA11238

See Also

https://kb.juniper.net/JSA11238

Plugin Details

Severity: High

ID: 161775

File Name: juniper_jsa11238.nasl

Version: 1.3

Type: Combined

Published: 6/2/2022

Updated: 4/22/2026

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Set to score from vendor advisory.

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C

CVSS Score Source: manual

CVSS v3

Risk Factor: High

Base Score: 8

Temporal Score: 7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/JUNOS/Version, Host/Juniper/model

Exploit Ease: No known exploits are available

Patch Publication Date: 9/28/2021

Vulnerability Publication Date: 9/28/2021

Reference Information

CVE: CVE-2021-31373

JSA: JSA11238