CVE-2014-2711
Description
Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos before 11.4R11, 11.4X27 before 11.4X27.62 (BBE), 12.1 before 12.1R9, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.2 before 12.2R7, 12.3 before 12.3R6, 13.1 before 13.1R4, 13.2 before 13.2R3, and 13.3 before 13.3R1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Risk Information
Base Score
6.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
Exploitation Probability
0.443
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are fixed in junos 11.4r11 | NCM |
| Vulnerabilities CVE-2014-2711,CVE-2014-2712,CVE-2014-2713,CVE-2014-6380 are fixed in junos 12.1r9 | NCM |
| Multiple Vulnerabilities are fixed in junos 12.2r7 | NCM |
| Vulnerabilities CVE-2014-2711,CVE-2014-3818,CVE-2014-6379,CVE-2014-6380 are fixed in junos 12.3r6 | NCM |
| Multiple Vulnerabilities are fixed in junos 13.1r4 | NCM |
| Vulnerabilities CVE-2014-0614,CVE-2014-2711 are fixed in junos 13.2r3 | NCM |
| Multiple Vulnerabilities are fixed in junos 13.3r1 | NCM |
| Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability (CVE-2014-2711) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
| PATCH-1704488 | Security Update for junos 9.2r1 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234