KEVIntel
CVSS 6.1 Medium

CVE-2022-22242

PUBLISHED

Junos OS: Cross-site Scripting (XSS) vulnerability in J-Web

Not yet in CISA KEV

Exploited in the wild · PoC available · Remote · Low complexity

Vendor: Juniper Networks
Product: Junos OS
Published: Oct 18, 2022
EPSS

Description

A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.

nuclei_scanner

Weaknesses (CWE)

  • Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS Scores

CVSS v3.1 6.1 Medium

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitation Status

Exploited in the wild

Recorded 2025-07-21 00:00:00 UTC · The Shadowserver (via CIRCL)

Proof of concept available

Recorded 2026-06-12 14:20:29 UTC · Nuclei Templates

Known Exploited Vulnerability Sources

Catalogues that list this CVE as a known exploited vulnerability.

Source: The Shadowserver (via CIRCL)
Added: First 2025-07-21 00:00 UTC

Scanner Integrations

Potential Proof of Concepts

These PoCs are unverified and could contain malware. Use at your own risk.

CVE-2022-22242

nuclei · Created Unknown

Timeline

  • Proof of Concept Exploit Available

  • Added to KEVIntel

  • Detected by Nuclei

  • CVE Published to Public

  • CVE ID Reserved