PT-2025-41415 · Juniper Networks · Junos Space
Published
2025-10-08
·
Updated
2025-10-10
·
CVE-2025-59978
CVSS v4.0
9.4
Critical
| Vector | AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:U/V:X/RE:M/U:X |
Name of the Vulnerable Software and Affected Versions
Juniper Networks Junos Space versions prior to 24.1R4
Description
An Improper Neutralization of Input During Web Page Generation issue exists in Juniper Networks Junos Space. This allows an attacker to store script tags directly in web pages. When viewed by another user, these script tags enable the attacker to execute commands with the target's administrative permissions. The issue is a Cross-site Scripting (XSS) flaw resulting from improper input handling during web page generation.
Recommendations
Update Junos Space to version 24.1R4 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Junos Space