cve-2012-5460

Vulnerability from cvelistv5

Published

2013-07-31 21:00

Modified

2024-09-16 22:36

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html
cve@mitre.org	http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html
af854a3a-2127-422b-91ae-364da2661108	http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view	Vendor Advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T21:05:47.257Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20130722 Juniper Secure Access XSS Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-07-31T21:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20130722 Juniper Secure Access XSS Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5460",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130722 Juniper Secure Access XSS Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
            },
            {
              "name": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view",
              "refsource": "MISC",
              "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-5460",
    "datePublished": "2013-07-31T21:00:00Z",
    "dateReserved": "2012-10-24T00:00:00Z",
    "dateUpdated": "2024-09-16T22:36:07.051Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-5460\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-08-01T13:32:35.103\",\"lastModified\":\"2024-11-21T01:44:42.477\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad XSS en la p\u00e1gina de ayuda en Juniper Secure Access (SA) con IVE OS anterior a 7.1r13, 7.2.x anterior a 7.2r7, y 7.3.x anterior a 7.3r2, permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a trav\u00e9s del par\u00e1metro WWHSearchWordsText.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4313025-3FC4-42DB-B18E-57EC5C566B74\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:ive_os:7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"754A5F1C-E181-4D36-86A7-5124C22EBF40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ECD0F7E-715A-4C52-ACF1-EE7A7042B991\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:juniper:secure_access_virtual_appliance:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"49C013C9-3F10-4B6A-A1C6-7171DB9BE6DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:fips_secure_access_4000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80CC7A54-95DD-4C60-8A99-21F800616784\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:fips_secure_access_4500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B68C4310-771E-4E8F-9C62-6EBE233FCB92\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:fips_secure_access_6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55331F37-6F9B-48A8-BBB3-BE9EBF4C2B3D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:fips_secure_access_6500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"528028F3-3F3F-4354-A1D7-2EF66BA27CEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:mag2600_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EE557B9-DF6D-4C20-98BE-E934D187CCFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:mag4610_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB174F88-B643-4338-BCD6-A9CD0EDB54A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:mag6610_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"115C8834-8BD1-4561-8B98-AE29E3B9C1C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:mag6611_gateway:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"54C5F933-61BB-40EA-9ADC-C22CFE8F9D1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:secure_access_2000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF6B885A-5C17-4928-A1B9-4A729F277F4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:secure_access_2500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82E5E8BD-68B9-4C94-A1F0-3F5C3EC7620A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:secure_access_4000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D6A2465-451A-436A-89C1-94424A0C4AB8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:secure_access_4500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"641091CF-F671-4AD7-B10F-E50497AC462B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:secure_access_6000:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"501D212B-D846-4D43-B6D8-F01C2483AB64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:secure_access_6500:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"075FD895-451D-4959-9A73-94F5BB1853E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:juniper:secure_access_700:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"42FB27DD-D685-4D5E-8DAF-7A34DE33AB59\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

ghsa-5cmx-jcm8-6c7m

Vulnerability from github

Published

2022-05-17 05:07

Modified

2022-05-17 05:07

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2012-5460"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-08-01T13:32:00Z",
    "severity": "MODERATE"
  },
  "details": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.",
  "id": "GHSA-5cmx-jcm8-6c7m",
  "modified": "2022-05-17T05:07:08Z",
  "published": "2022-05-17T05:07:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5460"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
    },
    {
      "type": "WEB",
      "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2012-5460

Vulnerability from gsd

Modified

2023-12-13 01:20

Details

Aliases

CVE-2012-5460

Aliases

CVE-2012-5460

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-5460",
    "description": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.",
    "id": "GSD-2012-5460"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-5460"
      ],
      "details": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.",
      "id": "GSD-2012-5460",
      "modified": "2023-12-13T01:20:19.811140Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-5460",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20130722 Juniper Secure Access XSS Vulnerability",
            "refsource": "BUGTRAQ",
            "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
          },
          {
            "name": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view",
            "refsource": "MISC",
            "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_2000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_4500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:mag2600_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:mag6610_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_4500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_4000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_6000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:secure_access_2500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:mag6611_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:juniper:secure_access_virtual_appliance:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_4000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_6000:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:fips_secure_access_6500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:juniper:mag4610_gateway:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-5460"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20130722 Juniper Secure Access XSS Vulnerability",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
            },
            {
              "name": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2013-08-01T13:32Z",
      "publishedDate": "2013-08-01T13:32Z"
    }
  }
}

Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter. Junos Pulse Secure Access Service (SSL VPN) is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Attacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks may also be possible. The client supports remote and mobile users to access enterprise resources with various web devices. The vulnerability exists in the following product versions: versions prior to 7.1r13, versions prior to 7.2r7, versions prior to 7.3r2. -------------------------------------------------------------------------------

| Juniper Secure Access XSS Vulnerability|

Summary

Juniper Secure Access software has reflected XSS vulnerability

CVE number: CVE-2012-5460 PSN-2013-03-874 Impact: Low

Vendor homepage: http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view

Vendor notified: 06/06/2012

Vendor fixed: 12/12/2012

Affected Products

Juniper SA (IVE OS) to versions prior to 7.1r13, 7.2r7, 7.3r2 .

Details

In order to exploit this vulnerability , the client should authenticate to SSLVPN service.The vulnerable parameter exists on help page of IVE user web interface.

Effected parameter: WWHSearchWordsText

Impact

Execution of arbitrary script code in a user's browser during an authenticated session.

Solution

Upgrade to 7.1r13, 7.2r7, 7.3r2, or higher.

Twitter @pazwant

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201308-0003",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.3"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.1"
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "juniper",
        "version": "7.2"
      },
      {
        "model": "secure access virtual appliance",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 4500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 2000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 4500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag6610 gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 6000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 2500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag2600 gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag6611 gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 6000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 6500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 6500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 4000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 4000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag4610 gateway",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.2r7"
      },
      {
        "model": "secure access 700",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 6000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 4000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.3.x"
      },
      {
        "model": "secure access 6500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 6000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 4000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag4610 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag2600 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "mag6611 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 4500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.3r2"
      },
      {
        "model": "mag6610 gateway",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 2000",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access virtual appliance",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "ive os",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "juniper",
        "version": "7.2.x"
      },
      {
        "model": "fips secure access 6500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "secure access 2500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "fips secure access 4500",
        "scope": null,
        "trust": 0.8,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service virtual appliance",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "juniper",
        "version": "0"
      },
      {
        "model": "junos pulse secure access service sa700",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service sa6500",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service sa6000",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service sa4500",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service sa4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service sa2500",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service sa2000",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service mag6611",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service mag6610",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service mag4610",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service mag2600",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service fips sa6500",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service fips sa6000",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service fips sa4500",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      },
      {
        "model": "junos pulse secure access service fips sa4000",
        "scope": null,
        "trust": 0.3,
        "vendor": "juniper",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "61399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:juniper:ive_os",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:juniper:fips_secure_access_4000",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:juniper:fips_secure_access_4500",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:juniper:fips_secure_access_6000",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:juniper:fips_secure_access_6500",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:juniper:mag2600_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:juniper:mag4610_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:juniper:mag6610_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:juniper:mag6611_gateway",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:juniper:secure_access_2000",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:juniper:secure_access_2500",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:juniper:secure_access_4000",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:juniper:secure_access_4500",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:juniper:secure_access_6000",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:juniper:secure_access_6500",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/h:juniper:secure_access_700",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:juniper:secure_access_virtual_appliance",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "61399"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2012-5460",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2012-5460",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-58741",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2012-5460",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2012-5460",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201307-518",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-58741",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter. Junos Pulse Secure Access Service (SSL VPN) is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. \nAttacker-supplied HTML and script code could be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks may also be possible. The client supports remote and mobile users to access enterprise resources with various web devices. The vulnerability exists in the following product versions: versions prior to 7.1r13, versions prior to 7.2r7, versions prior to 7.3r2. -------------------------------------------------------------------------------\n\n\n| Juniper Secure Access XSS Vulnerability|\n\n\n--------------------------------------------------------------------------------\n\n\nSummary\n===============\n\nJuniper Secure Access software has reflected XSS vulnerability\n\nCVE number: CVE-2012-5460\nPSN-2013-03-874\nImpact: Low\n\nVendor homepage:\nhttp://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view\n\nVendor notified: 06/06/2012\n\nVendor fixed: 12/12/2012\n\nAffected Products\n=================\nJuniper SA (IVE OS) to versions prior to  7.1r13, 7.2r7, 7.3r2 . \n\n\nDetails\n==================\nIn order to exploit this vulnerability , the client should\nauthenticate to SSLVPN service.The vulnerable parameter exists on help\npage of IVE user web interface. \n\nEffected parameter: WWHSearchWordsText\n\nImpact\n==================\nExecution of arbitrary script code in a user\u0027s browser during an\nauthenticated session. \n\n\nSolution\n==================\nUpgrade to 7.1r13, 7.2r7, 7.3r2, or higher. \n\nTwitter @pazwant\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "db": "BID",
        "id": "61399"
      },
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "db": "PACKETSTORM",
        "id": "122518"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-58741",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2012-5460",
        "trust": 2.9
      },
      {
        "db": "BID",
        "id": "61399",
        "trust": 1.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20130722 JUNIPER SECURE ACCESS XSS VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "JUNIPER",
        "id": "JSA10554",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "122518",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-58741",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "db": "BID",
        "id": "61399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "db": "PACKETSTORM",
        "id": "122518"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      }
    ]
  },
  "id": "VAR-201308-0003",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-08-14T14:06:45.753000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "JSA10554",
        "trust": 0.8,
        "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10554"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.juniper.net/alerts/viewalert.jsp?actionbtn=search\u0026txtalertnumber=psn-2013-03-874\u0026viewmode=view"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-5460"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-5460"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/61399"
      },
      {
        "trust": 0.3,
        "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10554"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/"
      },
      {
        "trust": 0.3,
        "url": "http://www.juniper.net/us/en/products-services/software/junos-platform/junos-pulse/secure-access/"
      },
      {
        "trust": 0.1,
        "url": "http://www.juniper.net/alerts/viewalert.jsp?actionbtn=search\u0026amp;txtalertnumber=psn-2013-03-874\u0026amp;viewmode=view"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-5460"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "db": "BID",
        "id": "61399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "db": "PACKETSTORM",
        "id": "122518"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "db": "BID",
        "id": "61399"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "db": "PACKETSTORM",
        "id": "122518"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      },
      {
        "db": "NVD",
        "id": "CVE-2012-5460"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "date": "2013-07-22T00:00:00",
        "db": "BID",
        "id": "61399"
      },
      {
        "date": "2013-08-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "date": "2013-07-23T14:44:44",
        "db": "PACKETSTORM",
        "id": "122518"
      },
      {
        "date": "2013-07-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      },
      {
        "date": "2013-08-01T13:32:35.103000",
        "db": "NVD",
        "id": "CVE-2012-5460"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-08-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-58741"
      },
      {
        "date": "2013-07-22T00:00:00",
        "db": "BID",
        "id": "61399"
      },
      {
        "date": "2013-08-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      },
      {
        "date": "2013-07-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      },
      {
        "date": "2013-08-01T13:32:35.103000",
        "db": "NVD",
        "id": "CVE-2012-5460"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Juniper Secure Access of  IVE OS Help page cross-site scripting vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-003638"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "122518"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-518"
      }
    ],
    "trust": 0.7
  }
}

fkie_cve-2012-5460

Vulnerability from fkie_nvd

Published

2013-08-01 13:32

Modified

2024-11-21 01:44

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html
cve@mitre.org	http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html
af854a3a-2127-422b-91ae-364da2661108	http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2013-03-874&viewMode=view	Vendor Advisory

Impacted products

Vendor	Product	Version
juniper	ive_os	7.1
juniper	ive_os	7.2
juniper	ive_os	7.3
juniper	secure_access_virtual_appliance	-
juniper	fips_secure_access_4000	-
juniper	fips_secure_access_4500	-
juniper	fips_secure_access_6000	-
juniper	fips_secure_access_6500	-
juniper	mag2600_gateway	-
juniper	mag4610_gateway	-
juniper	mag6610_gateway	-
juniper	mag6611_gateway	-
juniper	secure_access_2000	-
juniper	secure_access_2500	-
juniper	secure_access_4000	-
juniper	secure_access_4500	-
juniper	secure_access_6000	-
juniper	secure_access_6500	-
juniper	secure_access_700	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:ive_os:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4313025-3FC4-42DB-B18E-57EC5C566B74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:ive_os:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "754A5F1C-E181-4D36-86A7-5124C22EBF40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:juniper:ive_os:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ECD0F7E-715A-4C52-ACF1-EE7A7042B991",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:juniper:secure_access_virtual_appliance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "49C013C9-3F10-4B6A-A1C6-7171DB9BE6DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:fips_secure_access_4000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "80CC7A54-95DD-4C60-8A99-21F800616784",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:fips_secure_access_4500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B68C4310-771E-4E8F-9C62-6EBE233FCB92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:fips_secure_access_6000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "55331F37-6F9B-48A8-BBB3-BE9EBF4C2B3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:fips_secure_access_6500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "528028F3-3F3F-4354-A1D7-2EF66BA27CEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:mag2600_gateway:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EE557B9-DF6D-4C20-98BE-E934D187CCFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:mag4610_gateway:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB174F88-B643-4338-BCD6-A9CD0EDB54A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:mag6610_gateway:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "115C8834-8BD1-4561-8B98-AE29E3B9C1C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:mag6611_gateway:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "54C5F933-61BB-40EA-9ADC-C22CFE8F9D1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:secure_access_2000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF6B885A-5C17-4928-A1B9-4A729F277F4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:secure_access_2500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E5E8BD-68B9-4C94-A1F0-3F5C3EC7620A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:secure_access_4000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6A2465-451A-436A-89C1-94424A0C4AB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:secure_access_4500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "641091CF-F671-4AD7-B10F-E50497AC462B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:secure_access_6000:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "501D212B-D846-4D43-B6D8-F01C2483AB64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:secure_access_6500:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "075FD895-451D-4959-9A73-94F5BB1853E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:juniper:secure_access_700:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "42FB27DD-D685-4D5E-8DAF-7A34DE33AB59",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad XSS en la p\u00e1gina de ayuda en Juniper Secure Access (SA) con IVE OS anterior a 7.1r13, 7.2.x anterior a 7.2r7, y 7.3.x anterior a 7.3r2, permite a atacantes remotos inyectar secuencias de comandos web y HTML arbitrarias a trav\u00e9s del par\u00e1metro WWHSearchWordsText."
    }
  ],
  "id": "CVE-2012-5460",
  "lastModified": "2024-11-21T01:44:42.477",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2013-08-01T13:32:35.103",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0148.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.juniper.net/alerts/viewalert.jsp?actionBtn=Search\u0026txtAlertNumber=PSN-2013-03-874\u0026viewMode=view"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2012-5460

Vulnerability from cvelistv5

ghsa-5cmx-jcm8-6c7m

Vulnerability from github

gsd-2012-5460

Vulnerability from gsd

var-201308-0003

Vulnerability from variot

Summary

Affected Products

Details

Impact

Solution

fkie_cve-2012-5460

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature