A cross-site scripting issue has been found in the Juniper Networks SSL VPN product. The issue is caused by incorrect validation of user input sent to the SSL VPN web server. It exists within a file that pertains to the Network Connect (NC)/Pulse feature, which is only accessible by an authenticated user.
This issue was found during proactive security testing of the SSL VPN. No other Juniper products or platforms are vulnerable to this issue.
Risk Assessment: CVSS 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
A successful cross-site scripting exploit would allow an attacker to dynamically generate web content of their choosing, which could be rendered in the user's browser. This could allow session theft or other information disclosure.
All SSL VPN Users
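The base score in the Risk Assessment line can be reproduced from its vector with the CVSS v2 base equations. The following is an added example, not part of the original advisory; the function names are illustrative, and the weights are those of the CVSS v2 specification.

```python
from decimal import Decimal, ROUND_HALF_UP

# Metric weights from the CVSS v2 specification.
WEIGHTS = {
    "AV": {"L": 0.395, "A": 0.646, "N": 1.0},   # Access Vector
    "AC": {"H": 0.35, "M": 0.61, "L": 0.71},    # Access Complexity
    "Au": {"M": 0.45, "S": 0.56, "N": 0.704},   # Authentication
    "C": {"N": 0.0, "P": 0.275, "C": 0.660},    # Confidentiality impact
    "I": {"N": 0.0, "P": 0.275, "C": 0.660},    # Integrity impact
    "A": {"N": 0.0, "P": 0.275, "C": 0.660},    # Availability impact
}
ORDER = ("AV", "AC", "Au", "C", "I", "A")


def _round1(value):
    """Round to one decimal place, half up, as the specification requires."""
    return float(Decimal(str(value)).quantize(Decimal("0.1"), rounding=ROUND_HALF_UP))


def parse_vector(vector):
    """Validate a CVSS v2 base vector and return {metric: value}."""
    parts = vector.strip().strip("()").split("/")
    if len(parts) != len(ORDER):
        raise ValueError("expected %d metrics, got %d" % (len(ORDER), len(parts)))
    metrics = {}
    for name, part in zip(ORDER, parts):
        key, _, value = part.partition(":")
        if key != name or value not in WEIGHTS[name]:
            raise ValueError("invalid metric %r (expected %s:<value>)" % (part, name))
        metrics[name] = value
    return metrics


def base_score(vector):
    """Return the base score and both subscores for a CVSS v2 base vector."""
    w = {k: WEIGHTS[k][v] for k, v in parse_vector(vector).items()}
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    # f(Impact) is 0 when there is no impact, 1.176 otherwise.
    base = 0.0 if impact == 0 else (0.6 * impact + 0.4 * exploitability - 1.5) * 1.176
    return {
        "base": _round1(base),
        "impact": _round1(impact),
        "exploitability": _round1(exploitability),
    }


if __name__ == "__main__":
    # Vector copied from the advisory's Risk Assessment line.
    print(base_score("(AV:N/AC:L/Au:N/C:P/I:N/A:N)"))
```

The partial confidentiality impact (C:P) is the only non-zero impact metric, which is why a remotely reachable, low-complexity issue scores in the medium range.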