CVE-2024-21620
HIGHDescription
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S10; * 21.2 versions earlier than 21.2R3-S8; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3-S1; * 23.2 versions earlier than 23.2R2; * 23.4 versions earlier than 23.4R2.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | junos |
| juniper | ex_redundant_power_system |
| juniper | ex_rps |
| juniper | ex2200 |
| juniper | ex2200-c |
| juniper | ex2200-vc |
| juniper | ex2300 |
| juniper | ex2300-24mp |
| juniper | ex2300-24p |
| juniper | ex2300-24t |
| juniper | ex2300-48mp |
| juniper | ex2300-48p |
| juniper | ex2300-48t |
| juniper | ex2300-c |
| juniper | ex2300_multigigabit |
| juniper | ex2300m |
| juniper | ex3200 |
| juniper | ex3300 |
| juniper | ex3300-vc |
| juniper | ex3400 |
| juniper | ex4100 |
| juniper | ex4100-f |
| juniper | ex4100_multigigabit |
| juniper | ex4200 |
| juniper | ex4200-vc |
| juniper | ex4300 |
| juniper | ex4300-24p |
| juniper | ex4300-24p-s |
| juniper | ex4300-24t |
| juniper | ex4300-24t-s |
| juniper | ex4300-32f |
| juniper | ex4300-32f-dc |
| juniper | ex4300-32f-s |
| juniper | ex4300-48mp |
| juniper | ex4300-48mp-s |
| juniper | ex4300-48p |
| juniper | ex4300-48p-s |
| juniper | ex4300-48t |
| juniper | ex4300-48t-afi |
| juniper | ex4300-48t-dc |
| juniper | ex4300-48t-dc-afi |
| juniper | ex4300-48t-s |
| juniper | ex4300-48tafi |
| juniper | ex4300-48tdc |
| juniper | ex4300-48tdc-afi |
| juniper | ex4300-mp |
| juniper | ex4300-vc |
| juniper | ex4300_multigigabit |
| juniper | ex4300m |
| juniper | ex4400 |
| juniper | ex4400-24x |
| juniper | ex4400_multigigabit |
| juniper | ex4500 |
| juniper | ex4500-vc |
| juniper | ex4550 |
| juniper | ex4550-vc |
| juniper | ex4550\/vc |
| juniper | ex4600 |
| juniper | ex4600-vc |
| juniper | ex4650 |
| juniper | ex6200 |
| juniper | ex6210 |
| juniper | ex8200 |
| juniper | ex8200-vc |
| juniper | ex8208 |
| juniper | ex8216 |
| juniper | ex9200 |
| juniper | ex9204 |
| juniper | ex9208 |
| juniper | ex9214 |
| juniper | ex9250 |
| juniper | ex9251 |
| juniper | ex9253 |
| juniper | srx100 |
| juniper | srx110 |
| juniper | srx1400 |
| juniper | srx1500 |
| juniper | srx1600 |
| juniper | srx210 |
| juniper | srx220 |
| juniper | srx2300 |
| juniper | srx240 |
| juniper | srx240h2 |
| juniper | srx240m |
| juniper | srx300 |
| juniper | srx320 |
| juniper | srx340 |
| juniper | srx3400 |
| juniper | srx345 |
| juniper | srx3600 |
| juniper | srx380 |
| juniper | srx4000 |
| juniper | srx4100 |
| juniper | srx4200 |
| juniper | srx4300 |
| juniper | srx4600 |
| juniper | srx4700 |
| juniper | srx5000 |
| juniper | srx5400 |
| juniper | srx550 |
| juniper | srx550_hm |
| juniper | srx550m |
| juniper | srx5600 |
| juniper | srx5800 |
| juniper | srx650 |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-21620? +
How severe is CVE-2024-21620? +
What products are affected by CVE-2024-21620? +
How do I check if I'm vulnerable to CVE-2024-21620? +
Related Vulnerabilities
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting (XSS) vulnerability allows …
Reflected Cross-Site Scripting (XSS) vulnerability in Navigate Content Management System. The vulnerability is present in the '/blog' endpoint because user …
Cross-Site Scripting (XSS) vulnerability reflected in Semantic MediaWiki. This vulnerability allows an attacker to execute JavaScript code in the victim's …
Bludit CMS prior to commit 6732dde contains a reflected cross-site scripting vulnerability in the search plugin that allows unauthenticated attackers …
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the admin dashboard's Autodiscover …
mailcow: dockerized is an open source groupware/email suite based on docker. In versions prior to 2026-03b, the mailcow web interface …