Juniper Junos J-Web Reflected XSS (JSA10764)
Severity: Medium
Nessus Plugin ID: 94333
Synopsis
The remote device is missing a vendor-supplied security patch.
Description
According to its self-reported version number and configuration, the remote Juniper Junos device is affected by a cross-site scripting vulnerability in the J-Web component due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user's browser session.
Solution
Upgrade to the relevant Junos software release referenced in Juniper advisory JSA10764.