Lookup for vulnerabilities affecting packages.
| Vulnerability_id | VCID-f68p-fhvw-ruga |
|---|
| Summary | An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the Generate Report page that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator.
This issue affects all versions of Junos Space before 24.1R4. |
|---|
| Aliases |
|
|---|
| Fixed_packages |
|
|---|
| Affected_packages |
|
|---|
| References |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-60000 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10659 |
| published_at |
2026-06-11T12:55:00Z |
|
| 1 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10718 |
| published_at |
2026-06-12T12:55:00Z |
|
| 2 |
| value |
0.00035 |
| scoring_system |
epss |
| scoring_elements |
0.10719 |
| published_at |
2026-06-13T12:55:00Z |
|
| 3 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11628 |
| published_at |
2026-06-14T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-60000 |
|
| 1 |
| reference_url |
https://supportportal.juniper.net/JSA103140 |
| reference_id |
JSA103140 |
| reference_type |
|
| scores |
| 0 |
| value |
6.1 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
|
| 1 |
| value |
5.1 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
|
| 2 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-09T18:49:02Z/ |
|
|
| url |
https://supportportal.juniper.net/JSA103140 |
|
|
|---|
| Weaknesses |
| 0 |
| cwe_id |
79 |
| name |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
| description |
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
|
|
|---|
| Exploits |
|
|---|
| Severity_range_score | 5.1 - 6.1 |
|---|
| Exploitability | null |
|---|
| Weighted_severity | null |
|---|
| Risk_score | null |
|---|
| Resource_url | http://public2.vulnerablecode.io/vulnerabilities/VCID-f68p-fhvw-ruga |
|---|