Vulnerabilities > Juniper > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-04-03 | CVE-2012-1038 | Cross-Site Scripting vulnerability in Juniper Networks Mobility System Software Cross-site scripting (XSS) vulnerability in the WebAAA login functionality (wba_login.html) in Juniper Networks Mobility System Software (MSS) 7.6.x before 7.6.3, 7.7.x before 7.7.1, 7.5.x before 7.5.3, and other unspecified versions before 7.4 and 7.3 allows remote attackers to inject arbitrary web script or HTML via a crafted parameter name. | 4.3 |
| 2011-09-02 | CVE-2009-5086 | Cross-Site Scripting vulnerability in Juniper IDP Cross-site scripting (XSS) vulnerability in Appliance Configuration Manager (ACM) in Juniper IDP 4.1 before 4.1r3 and 4.2 before 4.2r1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2010-06-15 | CVE-2010-2289 | Improper Input Validation vulnerability in Juniper Secure Access 6.5 Open redirect vulnerability in dana/home/homepage.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the Location parameter. | 4.3 |
| 2010-06-15 | CVE-2010-2288 | Cross-Site Scripting vulnerability in Juniper Secure Access 6.5 Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to inject arbitrary web script or HTML via the DSSignInURL cookie. | 4.3 |
| 2009-09-30 | CVE-2009-3485 | Cross-Site Scripting vulnerability in Juniper Junos 8.5/9.0 Cross-site scripting (XSS) vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI. | 4.3 |
| 2009-02-09 | CVE-2008-6096 | Cross-Site Scripting vulnerability in Juniper Netscreen Screenos Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS before 5.4r10, 6.0r6, and 6.1r2 allows remote attackers to inject arbitrary web script or HTML via the user name parameter to the (1) web interface login page or the (2) telnet login page. | 4.3 |
| 2008-03-06 | CVE-2008-1181 | Information Exposure vulnerability in Juniper Secure Access 2000 5.5 Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote attackers to obtain sensitive information via a direct request for remediate.cgi without certain parameters, which reveals the path in an "Execute failed" error message. | 5.0 |
| 2008-03-06 | CVE-2008-1180 | Cross-Site Scripting vulnerability in Juniper Secure Access 2000 5.5 Cross-site scripting (XSS) vulnerability in dana-na/auth/rdremediate.cgi in Juniper Networks Secure Access 2000 5.5 R1 build 11711 allows remote attackers to inject arbitrary web script or HTML via the delivery_mode parameter. | 4.3 |
| 2006-07-13 | CVE-2006-3567 | HTML Injection vulnerability in Juniper DX 5.1 Cross-site scripting (XSS) vulnerability in the web administration interface logging feature in Juniper Networks (Redline) DX 5.1.x, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the username login field. network juniper | 4.3 |
| 2006-07-12 | CVE-2006-3529 | Remote Denial of Service vulnerability in Juniper Networks JUNOS IPv6 Packet Processing Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, 2006, allows remote attackers to cause a denial of service (kernel packet memory consumption and crash) via crafted IPv6 packets whose buffers are not released after they are processed. | 5.0 |