Lucene search

MitreCVE-2010-2288

HistoryJun 15, 2010 - 2:04 p.m.

CVE-2010-2288

2010-06-1514:04:26

CWE-79

mitre

web.nvd.nist.gov

cve-2010-2288

cross-site scripting

xss

juniper networks

ive

security vulnerability

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.004

Percentile

72.6%

JSON

Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to inject arbitrary web script or HTML via the DSSignInURL cookie.

Affected configurations

Nvd

Node

junipersecure_accessMatch6.5r1.0

junipersecure_accessMatch6.5r2.0

VendorProductVersionCPE
junipersecure_access6.5cpe:2.3:a:juniper:secure_access:6.5:r1.0:*:*:*:*:*:*
junipersecure_access6.5cpe:2.3:a:juniper:secure_access:6.5:r2.0:*:*:*:*:*:*

Vendor	Product	Version	CPE
juniper	secure_access	6.5	cpe:2.3:a:juniper:secure_access:6.5:r1.0::::::
juniper	secure_access	6.5	cpe:2.3:a:juniper:secure_access:6.5:r2.0::::::

References

osvdb.org/65288

www.juniper.net/alerts/viewalert.jsp?actionBtn=Search&txtAlertNumber=PSN-2010-05-751&viewMode=view

www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-17

www.securityfocus.com/archive/1/511775/100/0/threaded

www.securitytracker.com/id?1024090

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.004

Percentile

72.6%

JSON

Related for CVE-2010-2288