Vulnerability Details : CVE-2009-3487

Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via (1) the JEXEC_OUTID parameter in a JEXEC_MODE_RELAY_OUTPUT action to the jexec program; the (2) act, (3) refresh-time, or (4) ifid parameter to scripter.php; (5) the revision parameter in a rollback action to the configuration program; the m[] parameter to the (6) monitor, (7) manage, (8) events, (9) configuration, or (10) alarms program; (11) the m[] parameter to the default URI; (12) the m[] parameter in a browse action to the default URI; (13) the wizard-next parameter in an https action to the configuration program; or the (14) Contact Information, (15) System Description, (16) Local Engine ID, (17) System Location, or (18) System Name Override SNMP parameter, related to the configuration program.
Vulnerability category: Cross site scripting (XSS)
Published 2009-09-30 15:30:01
Updated 2009-10-02 04:00:00
Source MITRE
View at NVD,

Exploit prediction scoring system (EPSS) score for CVE-2009-3487

Probability of exploitation activity in the next 30 days: 0.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 42 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-3487

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
[email protected]

CWE ids for CVE-2009-3487

References for CVE-2009-3487

Products affected by CVE-2009-3487

This web site uses cookies for managing your session and website analytics (Google analytics) purposes as described in our privacy policy.
By using this web site you are agreeing to terms of use!