Ive Os
CVE-2012-5460
MEDIUM
Severity by source
AV:N/AC:M/Au:N/C:N/I:P/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:M/Au:N/C:N/I:P/A:N
Lifecycle Timeline
1DescriptionCVE.org
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter.
AnalysisAI
Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. Cross-site scripting (XSS) vulnerability in the help page in Juniper Secure Access (SA) with IVE OS before 7.1r13, 7.2.x before 7.2r7, and 7.3.x before 7.3r2 allows remote attackers to inject arbitrary web script or HTML via the WWHSearchWordsText parameter. Affected products include: Juniper Ive Os, Juniper Secure Access Virtual Appliance, Juniper Fips Secure Access 4000, Juniper Fips Secure Access 4500, Juniper Fips Secure Access 6000. Version information: before 7.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN)
The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos
Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE
Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse S
Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secur
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today