Vigil@nce: Juniper Secure Access, Cross Site Scripting
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use the logout page to trigger a Cross Site
Scripting in IVE/Secure Access.
– Severity: 2/4
– Creation date: 15/07/2010
DESCRIPTION OF THE VULNERABILITY
The web logout page can be accessed via "welcome.cgi?p=logout&u=user".
This page displays the data passed in the "u" parameter without
filtering it correctly. If the "u" parameter contains JavaScript
code, it is executed in the context of the victim’s web browser.
An attacker can therefore use the logout page to trigger a
Cross Site Scripting in IVE/Secure Access.
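As an added example (not part of the Vigil@nce bulletin and not Juniper's code), the Python code below shows two defensive checks for this issue: HTML-encoding the "u" value before it is written into the page, and scanning access logs for logout requests whose decoded "u" value contains markup characters. The log format, the message template and the function names are assumptions, and the log lines are constructed.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Characters that let a reflected value break out of HTML text or attributes.
HTML_META = re.compile(r"[<>\"']")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def render_logout_message(user):
    """Hypothetical logout template: encode the value before writing it out."""
    return "<p>User {} has been logged out.</p>".format(html.escape(user, quote=True))

def suspicious_logout_requests(log_lines):
    """Return (line_number, decoded_u) for logout requests whose u= holds markup."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith("/welcome.cgi"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
        if params.get("p") != ["logout"]:
            continue
        hits.extend((number, v) for v in params.get("u", []) if HTML_META.search(v))
    return hits

# Constructed access-log lines (common log format); assumed, not from a real device.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Jul/2010:10:00:01 +0000] "GET /welcome.cgi?p=logout&u=alice HTTP/1.1" 200 512',
    '192.0.2.44 - - [15/Jul/2010:10:02:17 +0000] "GET /welcome.cgi?p=logout&u=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 540',
    '192.0.2.10 - - [15/Jul/2010:10:03:40 +0000] "GET /welcome.cgi?p=logout&u=bob%40example.com HTTP/1.1" 200 520',
    '192.0.2.51 - - [15/Jul/2010:10:05:02 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for number, value in suspicious_logout_requests(SAMPLE_LOG):
        print("line", number, "u =", repr(value))
        print("encoded output:", render_logout_message(value))
```

The log check decodes the query string once, so it is a triage aid for review rather than a replacement for output encoding on the page itself.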
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Juniper-Secure-Access-Cross-Site-Scripting-9768