daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2022-22242.yaml

patch-1
Dhiyaneshwaran 2022-11-03 09:33:25 +05:30 committed by GitHub
parent c05565619b
commit 81101127bf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cves/2022/CVE-2022-22242.yaml
View File

@ -3,18 +3,17 @@ id: CVE-2022-22242
info: info:
name: Juniper Web Device Manager - Cross-Site Scripting name: Juniper Web Device Manager - Cross-Site Scripting
author: EvergreenCartoons author: EvergreenCartoons
severity: high severity: medium
description: Juniper Web Device Manager contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks. description: |
A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web
reference: reference:
- https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/ - https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/
classification: - https://nvd.nist.gov/vuln/detail/CVE-2022-22242
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N - https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web?language=en_US
cvss-score: 7.2
cwe-id: CWE-79
metadata: metadata:
verified: true verified: true
shodan-query: title:"Juniper Web Device Manager" shodan-query: title:"Juniper Web Device Manager"
tags: xss,juniper tags: cve,cve2022,xss,juniper,junos
requests: requests:
- method: GET - method: GET