Cross-Site Scripting (XSS) in the JUNOS web management console allows unauthorized access.

  [JSA10406] Show Article Properties

Legacy Advisory Id:
Product Affected:
All JUNOS platforms running the J-Web management module.
A Cross Site scripting vulnerability has been found in the JUNOS web management console. Any JUNOS router using the J-Web management module is potentially impacted, but this issue impacts a narrow range of JUNOS versions.
Upgrade to JUNOS 8.5 Service Release 20081017, 9.0R4.1, or 9.1 or higher.
  • The problem was introduced in JUNOS 8.5. No images before 8.5 are vulnerable.
  • JUNOS 9.1 and higher does not have this issue. The web code was replaced, updated, and tested. It has been validated as to not be vulnerable.
 Acknowledgement: This issue was externally found by Ezhilan Panneerselvam, reported to Juniper's SIRT Team, and managed under responsible disclosure guidelines.

 Disclaimer: Juniper Networks is providing this notice on an "AS IS" basis. No warranty or guarantee of any kind is expressed in this notice and none should be implied. Juniper Networks expressly excludes and disclaims any warranties regarding this notice or materials referred to in this notice, including, without limitation, any implied warranty of merchantability, fitness for a particular purpose, absence of hidden defects, or of noninfringement. Your use or reliance on this notice or materials referred to in this notice is at your own risk. Juniper Networks may change this notice at any time.
Related Links:
Severity Level:
Severity Assessment:
Potential risk where the XSS could grant access to password protected area of the web management console.