CVE-2009-3485

Опубликовано: 30 сент. 2009

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI.

Ссылки

http://secunia.com/advisories/36829
Vendor Advisory
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-08
Exploit
http://www.securityfocus.com/bid/36537
Exploit
http://www.vupen.com/english/advisories/2009/2784
Vendor Advisory
http://secunia.com/advisories/36829
Vendor Advisory
http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-08
Exploit
http://www.securityfocus.com/bid/36537
Exploit
http://www.vupen.com/english/advisories/2009/2784
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:juniper:junos:8.5:r1.14:*:*:*:*:*:*

cpe:2.3:o:juniper:junos:9.0:r1.1:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01895

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-w6gf-8h7h-2hmw

github

почти 4 года назад