Juniper Junos J-Web Persistent XSS (JSA10619)

Medium Nessus Plugin ID 73493


The remote device is missing a vendor-supplied security patch.


According to its self-reported version number, the remote Junos device is affected by a stored cross-site scripting vulnerability due to a failure to sanitize user-supplied input to the J-Web interface. An attacker can exploit this vulnerability to execute arbitrary JavaScript in the context of the end-user's browser.

Note that this issue only affects devices with J-Web enabled.


Apply the relevant Junos software release or workaround referenced in Juniper advisory JSA10619.

Plugin Details

Severity: Medium

ID: 73493

File Name: juniper_jsa10619.nasl

Version: 1.7

Type: combined

Published: 2014/04/14

Modified: 2017/05/16

Dependencies: 55932

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/o:juniper:junos

Required KB Items: Host/Juniper/JUNOS/Version, Host/Juniper/JUNOS/BuildDate

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2014/03/20

Vulnerability Publication Date: 2014/04/09

Reference Information

CVE: CVE-2014-2711

BID: 66770

OSVDB: 105612

JSA: JSA10619

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990