| Vulnerability Name: | CCN-16574 | ||||||
| Published: | 2004-06-30 | ||||||
| Updated: | 2004-06-30 | ||||||
| Summary: | NetScreen is vulnerable to cross-site scripting, caused by improper filtering of user-supplied input. A remote attacker could create a zip archive containing a specially-crafted file with a virus, which when detected by the antivirus engine, generates a dialog box that displays the name of the malicious file. If the name of the file contains HTML code, the code would be executed on the system in the victim's Web browser within the security context of the hosting site, once the box is displayed. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. | ||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||
| CVSS v2 Severity: | 2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
| ||||||
| Vulnerability Consequences: | Gain Access | ||||||
| References: | Source: CCN Type: Juniper Support Web page Juniper Networks :: Support Source: CCN Type: Juniper NetScreen Advisory 59147 Juniper Networks NetScreen 5GT Firewalls with AV Source: XF Type: UNKNOWN netscreen-5gt-firewall-xss(16574) | ||||||
| Vulnerable Configuration: | Configuration CCN 1: Denotes that component is vulnerable | ||||||
| BACK | |||||||