CVE-2014-2711

Name of the Vulnerable Software and Affected Versions Junos versions prior to 11.4R11 Junos versions 11.4X27 prior to 11.4X27.62 (BBE) Junos versions 12.1 prior to 12.1R9 Junos versions 12.1X44 prior to 12.1X44-D35 Junos versions 12.1X45 prior to 12.1X45-D25 Junos versions 12.1X46 prior to 12.1X46-D20 Junos versions 12.2 prior to 12.2R7 Junos versions 12.3 prior to 12.3R6 Junos versions 13.1 prior to 13.1R4 Junos versions 13.2 prior to 13.2R3 Junos versions 13.3 prior to 13.3R1

Description A cross-site scripting (XSS) issue in J-Web in Juniper Junos allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Recommendations For versions prior to 11.4R11, update to 11.4R11 or later. For versions 11.4X27 prior to 11.4X27.62 (BBE), update to 11.4X27.62 (BBE) or later. For versions 12.1 prior to 12.1R9, update to 12.1R9 or later. For versions 12.1X44 prior to 12.1X44-D35, update to 12.1X44-D35 or later. For versions 12.1X45 prior to 12.1X45-D25, update to 12.1X45-D25 or later. For versions 12.1X46 prior to 12.1X46-D20, update to 12.1X46-D20 or later. For versions 12.2 prior to 12.2R7, update to 12.2R7 or later. For versions 12.3 prior to 12.3R6, update to 12.3R6 or later. For versions 13.1 prior to 13.1R4, update to 13.1R4 or later. For versions 13.2 prior to 13.2R3, update to 13.2R3 or later. For versions 13.3 prior to 13.3R1, update to 13.3R1 or later.