VAR-201006-0426
Vulnerability from variot - Updated: 2025-04-11 23:05Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to inject arbitrary web script or HTML via the DSSignInURL cookie. Secure Access is prone to a cross-site scripting vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201006-0426",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "secure access",
"scope": "eq",
"trust": 1.6,
"vendor": "juniper",
"version": "6.5"
},
{
"model": "secure access",
"scope": "eq",
"trust": 0.8,
"vendor": "juniper",
"version": "6.5r1 (build 14599) and 6.5r2 (build 14951)"
},
{
"model": "secure access r2.0",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "6.5"
},
{
"model": "secure access r1.0",
"scope": "eq",
"trust": 0.3,
"vendor": "juniper",
"version": "6.5"
}
],
"sources": [
{
"db": "BID",
"id": "73547"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004876"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-248"
},
{
"db": "NVD",
"id": "CVE-2010-2288"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:juniper:secure_access",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004876"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "73547"
}
],
"trust": 0.3
},
"cve": "CVE-2010-2288",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2010-2288",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-44893",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2010-2288",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2010-2288",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201006-248",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-44893",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44893"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004876"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-248"
},
{
"db": "NVD",
"id": "CVE-2010-2288"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in Juniper Networks IVE 6.5R1 (Build 14599) and 6.5R2 (Build 14951) allows remote attackers to inject arbitrary web script or HTML via the DSSignInURL cookie. Secure Access is prone to a cross-site scripting vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-2288"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004876"
},
{
"db": "BID",
"id": "73547"
},
{
"db": "VULHUB",
"id": "VHN-44893"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-2288",
"trust": 2.8
},
{
"db": "SECTRACK",
"id": "1024090",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "65288",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004876",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201006-248",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20100610 PR09-17: JUNIPER SECURE ACCESS SERIERS (JUNIPER IVE) AUTHENTICATED XSS \u0026 REDIRECTION",
"trust": 0.6
},
{
"db": "BID",
"id": "73547",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-44893",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44893"
},
{
"db": "BID",
"id": "73547"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004876"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-248"
},
{
"db": "NVD",
"id": "CVE-2010-2288"
}
]
},
"id": "VAR-201006-0426",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-44893"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-11T23:05:58.152000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.juniper.net/us/en/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004876"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44893"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004876"
},
{
"db": "NVD",
"id": "CVE-2010-2288"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.procheckup.com/vulnerability_manager/vulnerabilities/pr09-17"
},
{
"trust": 2.0,
"url": "http://www.securitytracker.com/id?1024090"
},
{
"trust": 1.9,
"url": "http://www.juniper.net/alerts/viewalert.jsp?actionbtn=search\u0026txtalertnumber=psn-2010-05-751\u0026viewmode=view"
},
{
"trust": 1.7,
"url": "http://osvdb.org/65288"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/511775/100/0/threaded"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/511775/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-2288"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-2288"
},
{
"trust": 0.1,
"url": "http://www.juniper.net/alerts/viewalert.jsp?actionbtn=search\u0026amp;txtalertnumber=psn-2010-05-751\u0026amp;viewmode=view"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-44893"
},
{
"db": "BID",
"id": "73547"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004876"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-248"
},
{
"db": "NVD",
"id": "CVE-2010-2288"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-44893"
},
{
"db": "BID",
"id": "73547"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-004876"
},
{
"db": "CNNVD",
"id": "CNNVD-201006-248"
},
{
"db": "NVD",
"id": "CVE-2010-2288"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-44893"
},
{
"date": "2010-06-15T00:00:00",
"db": "BID",
"id": "73547"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004876"
},
{
"date": "2010-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-248"
},
{
"date": "2010-06-15T14:04:26.593000",
"db": "NVD",
"id": "CVE-2010-2288"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-44893"
},
{
"date": "2010-06-15T00:00:00",
"db": "BID",
"id": "73547"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-004876"
},
{
"date": "2010-06-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201006-248"
},
{
"date": "2025-04-11T00:51:21.963000",
"db": "NVD",
"id": "CVE-2010-2288"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-248"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juniper Networks IVE of dana/nc/ncrun.cgi Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-004876"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201006-248"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…