Juniper Junos Space < 24.1R4 Multiple Vulnerabilities (JSA103140)

critical Nessus Plugin ID 270709

Synopsis

The remote device is affected by multiple vulnerabilities.

Description

According to its self-reported version number, the remote Junos Space version is prior to 24.1R4. It is, therefore, affected by multiple vulnerabilities, including the following:

- An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Device Template Definition page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including those of an administrator. This issue affects all versions of Junos Space before 24.1R4. (CVE-2025-59981)

- A Cross-site Scripting vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the dashboard search field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including those of an administrator. (CVE-2025-59982)

- An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to store script tags directly in web pages that, when viewed by another user, enable the attacker to execute commands with the target's administrative permissions. This issue affects all versions of Junos Space before 24.1R4. (CVE-2025-59978)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Junos Space 24.1R4 or later.

See Also

http://www.nessus.org/u?651f13e1

Plugin Details

Severity: Critical

ID: 270709

File Name: juniper_space_jsa103140.nasl

Version: 1.1

Type: local

Published: 10/17/2025

Updated: 10/17/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.1

CVSS v2

Risk Factor: High

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2025-59978

CVSS v3

Risk Factor: Critical

Base Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CVSS Score Source: CVE-2025-59978

Vulnerability Information

CPE: cpe:/a:juniper:junos_space

Required KB Items: Host/Junos_Space/version

Patch Publication Date: 10/8/2025

Vulnerability Publication Date: 10/8/2025

Reference Information

CVE: CVE-2025-59978, CVE-2025-59981, CVE-2025-59982, CVE-2025-59983, CVE-2025-59984, CVE-2025-59985, CVE-2025-59986, CVE-2025-59987, CVE-2025-59988, CVE-2025-59989, CVE-2025-59990, CVE-2025-59991, CVE-2025-59992, CVE-2025-59993, CVE-2025-59994, CVE-2025-59995, CVE-2025-59996, CVE-2025-59997, CVE-2025-59998, CVE-2025-59999, CVE-2025-60000, CVE-2025-60001, CVE-2025-60002, CVE-2025-60009

IAVA: 2025-A-0738