An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability, a stored XSS (or persistent), in the Control Center Controller web pages of Juniper Networks Paragon Active Assurance (Formerly Netrounds) allows a high-privilege attacker with 'WRITE' permissions to store one or more malicious scripts that will infect any other authorized user's account when they accidentally trigger the malicious script(s) while managing the device. Triggering these attacks enables the attacker to execute commands with the permissions up to that of the superuser account. This issue affects: Juniper Networks Paragon Active Assurance (Formerly Netrounds) All versions prior to 3.1.1; 3.2 versions prior to 3.2.1.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://kb.juniper.net/JSA69883 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: juniper
Published: 2022-10-18T02:46:31.075192Z
Updated: 2024-09-16T16:28:28.563Z
Reserved: 2021-12-21T00:00:00
Link: CVE-2022-22229
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-10-18T03:15:10.130
Modified: 2022-10-20T14:49:44.643
Link: CVE-2022-22229
Redhat
No data.