Juniper Junos Pulse Secure Access Service IVE OS (SSL VPN) XSS (JSA10602)
Severity: Medium
Nessus Plugin ID: 71429
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
According to its self-reported version, the version of Juniper Junos Pulse Secure Access Service IVE OS running on the remote host is affected by an unspecified cross-site scripting vulnerability in a file related to the Secure Access Service web rewriting feature pages hosted on the device's web server. An attacker could exploit this issue by tricking a user into requesting a malicious URL, resulting in arbitrary script code execution.
Note that the issue is only present when the web rewrite feature is enabled on a user's role.
Solution
Upgrade to Juniper Junos Pulse Secure Access Service IVE OS version 7.1r17 / 7.3r8 / 7.4r6 / 8.0r1 or later.