Juniper Junos Pulse Secure Access Service IVE OS (SSL VPN) Multiple XSS (JSA10589)
Medium Nessus Plugin ID 70025
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version, the version of Juniper Junos Pulse Secure Access Service IVE OS running on the remote host is affected by multiple unspecified cross-site scripting vulnerabilities that are present on the login and support pages hosted on the device's web server.
An attacker could exploit these issues by tricking a user into requesting a malicious URL, resulting in arbitrary script code execution.
SolutionUpgrade to Juniper Junos Pulse Secure Access Service IVE OS version 7.1r15 / 7.2r11 / 7.3r6 / 7.4r3 or later.