Cross-Site Scripting Vulnerability in Juniper Networks SA2000 SSL VPN Appliance

vendor:

SA2000 SSL VPN Appliance

by:

Unknown

7.5

CVSS

HIGH

Cross-Site Scripting

CWE

Product Name: SA2000 SSL VPN Appliance

Affected Version From: Juniper Networks SA2000 SSL VPN appliance running IVE OS 6.5R1 (Build 14599)

Affected Version To: Unknown

Patch Exists: NO

Related CWE: Unknown

CPE: a:juniper_networks:sa2000_ssl_vpn_appliance

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Cross-Site Scripting Vulnerability in Juniper Networks SA2000 SSL VPN Appliance

The Juniper Networks SA2000 SSL VPN appliance is vulnerable to a cross-site scripting (XSS) attack due to a failure in properly sanitizing user-supplied input in its web interface. An attacker can exploit this vulnerability to execute arbitrary script code in the browser of a victim user, potentially leading to the theft of authentication credentials and other malicious activities.

Mitigation:

It is recommended to update to a non-vulnerable version of the software or apply patches provided by the vendor. Additionally, users should exercise caution when visiting untrusted websites and ensure they are using secure connections.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/41664/info

Juniper Networks SA2000 SSL VPN appliance is prone to a cross-site scripting vulnerability because the web interface fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Juniper Networks SA2000 running IVE OS 6.5R1 (Build 14599) are vulnerable; other models and versions may also be affected. 

http://www.example.com/dana-na/auth/url_default/welcome.cgi?p=logout&c=37&u=</script><script>alert(1)</script>