daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2022-22242.yaml

patch-1
Dhiyaneshwaran 2022-11-03 09:33:25 +05:30 committed by GitHub
parent c05565619b
commit 81101127bf
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 6 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
cves/2022/CVE-2022-22242.yaml
View File

@ -3,18 +3,17 @@ id: CVE-2022-22242
info:
name: Juniper Web Device Manager - Cross-Site Scripting
author: EvergreenCartoons
severity: high
description: Juniper Web Device Manager contains a cross-site scripting vulnerability. An attacker can execute arbitrary script and thus steal cookie-based authentication credentials and launch other attacks.
severity: medium
description: |
A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web
reference:
- https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
cvss-score: 7.2
cwe-id: CWE-79
- https://nvd.nist.gov/vuln/detail/CVE-2022-22242
- https://supportportal.juniper.net/s/article/2022-10-Security-Bulletin-Junos-OS-Multiple-vulnerabilities-in-J-Web?language=en_US
metadata:
verified: true
shodan-query: title:"Juniper Web Device Manager"
tags: xss,juniper
tags: cve,cve2022,xss,juniper,junos
requests:
- method: GET