CVE-2013-5649 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15 7.2 before 7.2r11 7.3 before 7.3r6 and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary web script or HTML via vectors involving login pages and allow (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a support page.

Reference

http://kb.juniper.net/JSA10589 http://osvdb.org/97240