From 81101127bf8e59435aa846803bcca2a015510a53 Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran <leedhiyanesh@gmail.com>
Date: Thu, 3 Nov 2022 09:33:25 +0530
Subject: [PATCH] Update CVE-2022-22242.yaml

---
 cves/2022/CVE-2022-22242.yaml | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/cves/2022/CVE-2022-22242.yaml b/cves/2022/CVE-2022-22242.yaml
index 2dece72d4e..db1d96bfe2 100644
--- a/cves/2022/CVE-2022-22242.yaml
+++ b/cves/2022/CVE-2022-22242.yaml
@@ -3,18 +3,17 @@ id: CVE-2022-22242
 info:
   name: Juniper Web Device Manager - Cross-Site Scripting
   author: EvergreenCartoons
-  severity: high
-  description: Juniper Web Device Manager contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
+  severity: medium
+  description: |
+    A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web
   reference:
     - https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/
-  classification:
-    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
-    cvss-score: 7.2
-    cwe-id: CWE-79
+    - https://nvd.nist.gov/vuln/detail/CVE-2022-22242
+    - https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web?language=en_US
   metadata:
     verified: true
     shodan-query: title:"Juniper Web Device Manager"
-  tags: xss,juniper
+  tags: cve,cve2022,xss,juniper,junos
 
 requests:
   - method: GET