CVE-2022-22242
Junos OS: Cross-site Scripting (XSS) vulnerability in J-Web
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- December 21, 2021
- Published Date
- October 18, 2022
- Last Updated
- May 09, 2025
- Vendor
- Juniper Networks
- Product
- Junos OS
- Description
- A Cross-site Scripting (XSS) vulnerability in the J-Web component of Juniper Networks Junos OS allows an unauthenticated attacker to run malicious scripts reflected off of J-Web to the victim's browser in the context of their session within J-Web. This issue affects Juniper Networks Junos OS all versions prior to 19.1R3-S9; 19.2 versions prior to 19.2R3-S6; 19.3 versions prior to 19.3R3-S7; 19.4 versions prior to 19.4R2-S7, 19.4R3-S8; 20.1 versions prior to 20.1R3-S5; 20.2 versions prior to 20.2R3-S5; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R2; 22.1 versions prior to 22.1R2.
- Tags
- Score
- 85.71% (Percentile: 99.33%) as of 2025-07-28
- Exploitation
- none
- Technical Impact
- partial
- Exploited in the Wild
- Yes (2025-07-21 00:00:00 UTC) Source
edge
nuclei_scanner
CVSS Scores
CVSS v3.1
6.1 - MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
SSVC Information
Exploit Status
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| The Shadowserver (via CIRCL) | 2025-07-22 12:00:57 UTC |
Scanner Integrations
| Scanner | URL | Date Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-22242.yaml | 2025-04-26 00:00:00 UTC |
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Detected by Nuclei
-
Added to KEVIntel