CVE-2015-3005

Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, 12.1X47 before 12.1X47-D20, and 12.3X48 before 12.3X48-D10 on SRX series devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Published: Apr 10, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-3005
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
juniper / junos	12.1x44-d20	12.1x44-d20.x
juniper / junos	12.1x44-d10	12.1x44-d10.x
juniper / junos	12.1x44-d40	12.1x44-d40.x
juniper / junos	12.1x44-d15	12.1x44-d15.x
juniper / junos	12.1x44-d25	12.1x44-d25.x
juniper / junos	12.1x44-d30	12.1x44-d30.x
juniper / junos	12.1x44	12.1x44.x
juniper / junos	12.1x44-d35	12.1x44-d35.x
juniper / junos	12.1x46-d20	12.1x46-d20.x
juniper / junos	12.1x46-d15	12.1x46-d15.x
juniper / junos	12.1x46-d10	12.1x46-d10.x
juniper / junos	12.1x46-d25	12.1x46-d25.x
juniper / junos	12.1x46	12.1x46.x
juniper / junos	12.1x47	12.1x47.x
juniper / junos	12.1x47-d10	12.1x47-d10.x
juniper / junos	12.1x48	12.1x48.x

Vulnerability Database

289,697

CVE-2015-3005