CVE-2017-2335

A security researcher testing a Juniper NetScreen Firewall+VPN found multiple stored cross-site scripting vulnerabilities that could be used to elevate privileges through the NetScreen WebUI. A user with the ‘security’ role can inject HTML/JavaScript content into the management session of other users including the administrator. This enables the lower-privileged user to effectively execute commands with the permissions of an administrator. This issue affects Juniper Networks ScreenOS 6.3.0 releases prior to 6.3.0r24 on SSG Series. No other Juniper Networks products or platforms are affected by this issue.