CVE-2010-2288

  • Last update: Apr 13, 2023

Description

Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to inject arbitrary web script or HTML via the DSSignInURL cookie.

Software From Fixed in
juniper / secure_access 6.5-r2.0 6.5-r2.0.x
juniper / secure_access 6.5-r1.0 6.5-r1.0.x

Details

    • Severity: Low
  • CVE: CVE-2010-2288
  • Published: Jun 15, 2010
  • Updated: Apr 13, 2023
  • Exploit:

CVSS v2

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs

OWASP TOP 10