PT-2021-19271 · Juniper Networks · Junos
Published: 2021-10-19 · Updated: 2021-10-27 · CVE-2021-31373
CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos OS on SRX Series versions 18.2 through 18.2R3-S8
Juniper Networks Junos OS on SRX Series versions 18.3 through 18.3R3-S5
Juniper Networks Junos OS on SRX Series versions 18.4 through 18.4R3-S8
Juniper Networks Junos OS on SRX Series versions 19.1 through 19.1R3-S5
Juniper Networks Junos OS on SRX Series versions 19.2 through 19.2R1-S7
Juniper Networks Junos OS on SRX Series versions 19.2 through 19.2R3-S3
Juniper Networks Junos OS on SRX Series versions 19.3 through 19.3R2-S6
Juniper Networks Junos OS on SRX Series versions 19.3 through 19.3R3-S3
Juniper Networks Junos OS on SRX Series versions 19.4 through 19.4R1-S4
Juniper Networks Junos OS on SRX Series versions 19.4 through 19.4R2-S4
Juniper Networks Junos OS on SRX Series versions 19.4 through 19.4R3-S3
Juniper Networks Junos OS on SRX Series versions 20.1 through 20.1R2-S2
Juniper Networks Junos OS on SRX Series versions 20.1 through 20.1R3
Juniper Networks Junos OS on SRX Series versions 20.2 through 20.2R3-S1
Juniper Networks Junos OS on SRX Series versions 20.3 through 20.3R2-S1
Juniper Networks Junos OS on SRX Series versions 20.3 through 20.3R3
Description
A persistent Cross-Site Scripting (XSS) vulnerability in the J-Web interface of Juniper Networks Junos OS on SRX Series may allow a remote authenticated user to inject persistent malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or to hijack another user's active session and perform administrative actions.
Recommendations
For versions 18.2 through 18.2R3-S8, update to version 18.2R3-S8 or later.
For versions 18.3 through 18.3R3-S5, update to version 18.3R3-S5 or later.
For versions 18.4 through 18.4R3-S8, update to version 18.4R3-S8 or later.
For versions 19.1 through 19.1R3-S5, update to version 19.1R3-S5 or later.
For versions 19.2 through 19.2R1-S7, update to version 19.2R1-S7 or later.
For versions 19.2 through 19.2R3-S3, update to version 19.2R3-S3 or later.
For versions 19.3 through 19.3R2-S6, update to version 19.3R2-S6 or later.
For versions 19.3 through 19.3R3-S3, update to version 19.3R3-S3 or later.
For versions 19.4 through 19.4R1-S4, update to version 19.4R1-S4 or later.
For versions 19.4 through 19.4R2-S4, update to version 19.4R2-S4 or later.
For versions 19.4 through 19.4R3-S3, update to version 19.4R3-S3 or later.
For versions 20.1 through 20.1R2-S2, update to version 20.1R2-S2 or later.
For versions 20.1 through 20.1R3, update to version 20.1R3 or later.
For versions 20.2 through 20.2R3-S1, update to version 20.2R3-S1 or later.
For versions 20.3 through 20.3R2-S1, update to version 20.3R2-S1 or later.
For versions 20.3 through 20.3R3, update to version 20.3R3 or later.
Fix
XSS
RCE
Related Identifiers
Affected Products
Junos