Junos Pulse Secure Access Service (SSL VPN) Multiple XSS (JSA10554)
Medium Nessus Plugin ID 69241
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
According to its self-reported version, the version of IVE OS running on the remote host has the following cross-site scripting vulnerabilities:
- An unspecified cross-site scripting issue exists related to login pages.
- A cross-site scripting vulnerability exists in the WWHSearchWordsText parameter of the help page.
An attacker could exploit either of these issues by tricking a user into requesting a malicious URL, resulting in arbitrary script code execution.
Solution
Upgrade to Juniper IVE OS version 7.1r13 / 7.2r7 / 7.3r2 or later.