This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can trigger a Cross Site Scripting in SRX Web
Authentication of Junos, in order to execute JavaScript code in
the context of the web site.

Impacted products : Juniper J-Series, JUNOS

Severity : 2/4

Creation date : 10/07/2014

DESCRIPTION OF THE VULNERABILITY

The Junos product offers a web service.

However, it does not filter received data before inserting them in
generated HTML documents.

An attacker can therefore trigger a Cross Site Scripting in SRX
Web Authentication of Junos, in order to execute JavaScript code
in the context of the web site.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Junos-Cross-Site-Scripting-of-SRX-Web-Authentication-15025