CVE-2018-0011

A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device.

Published: Jan 10, 2018
Updated: Apr 13, 2023
CVE: CVE-2018-0011
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
juniper / junos_space	13.3-r2	13.3-r2.x
juniper / junos_space	13.3-r4	13.3-r4.x
juniper / junos_space	14.1-r2	14.1-r2.x
juniper / junos_space	14.1-r3	14.1-r3.x
juniper / junos_space	15.1-r1	15.1-r1.x
juniper / junos_space	15.1-r2	15.1-r2.x
juniper / junos_space	15.1-r3	15.1-r3.x
juniper / junos_space	15.2-r2	15.2-r2.x
juniper / junos_space	16.1-r2	16.1-r2.x
juniper / junos_space	16.1-r3	16.1-r3.x
juniper / junos_space	17.1-r1	17.1-r1.x
juniper / junos_space	16.1-r1	16.1-r1.x
juniper / junos_space	15.2-r1	15.2-r1.x
juniper / junos_space	14.1-r1	14.1-r1.x
juniper / junos_space	13.3-r1	13.3-r1.x

Vulnerability Database

289,599

CVE-2018-0011