A persistent cross-site scripting vulnerability in the UI framework used by Junos Space Security Director may allow authenticated users to inject persistent and malicious scripts. This may allow stealing of information or performing actions as a different user when other users access the Security Director web interface. This issue affects all versions of Juniper Networks Junos Space Security Director prior to 17.2R2.
CWE-79
CVE-2018-0059
A persistent cross-site scripting vulnerability in the graphical user interface of ScreenOS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. Affected releases are Juniper Networks ScreenOS 6.3.0 versions prior to 6.3.0r26.
CVE-2018-0011
A reflected cross site scripting (XSS) vulnerability in Junos Space may potentially allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a session, and to perform administrative actions on the Junos Space network management device.
CVE-2020-9995
An issue existed in the parsing of URLs. This issue was addressed with improved input validation. This issue is fixed in macOS Server 5.11. Processing a maliciously crafted URL may lead to an open redirect or cross site scripting.
CVE-2020-9952
An input validation issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, tvOS 14.0, watchOS 7.0, Safari 14.0, iCloud for Windows 11.4, iCloud for Windows 7.21. Processing maliciously crafted web content may lead to a cross site scripting attack.
CVE-2020-9925
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing maliciously crafted web content may lead to universal cross site scripting.
