-----BEGIN PGP SIGNED MESSAGE-----
o PROBLEM DETAILS
The Juniper Secure Access (SA) web interface allows users to manage the
bookmarks on their landing page. This bookmark management functionality
does not filter user input properly and can allow cross site scripting.

Upon modification or creation of a bookmark, the editbk.cgi script is
requested with a parameter named "row". This parameter identifies the
bookmark in question and its value is used in the server response. It is a
flaw in the input handling of this "row" parameter that makes the appliance
vulnerable to a cross site scripting attack.
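
A detection sketch for the flaw described above, as an added example that is not part of the original advisory: it scans web access logs for editbk.cgi requests whose "row" value is not a plain number. The combined log format, the /example/ path prefix, the sample lines and the assumption that "row" is a small integer index are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate "row" value is a short non-negative integer index.
ROW_OK = re.compile(r"[0-9]{1,4}")

# Client, user and request target from a combined-format access log line.
# Only query strings are visible here; POST bodies are not logged.
REQUEST = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; addresses, users and paths are made up.
SAMPLE_LOG = """\
198.51.100.7 - alice [10/Oct/2010:13:55:36 +0000] "GET /example/editbk.cgi?row=3 HTTP/1.1" 200 5120
198.51.100.9 - bob [10/Oct/2010:13:56:02 +0000] "GET /example/editbk.cgi?row=2%22%3E%3Cx%3E HTTP/1.1" 200 5177
198.51.100.9 - bob [10/Oct/2010:13:56:40 +0000] "GET /example/editbk.cgi?row=1&row=%3Cx%3E HTTP/1.1" 200 5150
198.51.100.7 - alice [10/Oct/2010:13:57:11 +0000] "GET /example/home.cgi?row=%3Cx%3E HTTP/1.1" 200 900
"""

def suspicious_row_requests(log_text):
    """Return (line number, client, user, decoded row values) for each
    editbk.cgi request whose "row" is non-numeric or repeated."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST.match(line)
        if not m:
            continue
        client, user, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/editbk.cgi"):
            continue  # other scripts are out of scope for this check
        # parse_qs percent-decodes values, so encoded markup is compared decoded.
        rows = parse_qs(url.query, keep_blank_values=True).get("row", [])
        bad = [v for v in rows if not ROW_OK.fullmatch(v)]
        # A repeated parameter is flagged too: the server may use either copy.
        if bad or len(rows) > 1:
            findings.append((lineno, client, user, rows))
    return findings

if __name__ == "__main__":
    for finding in suspicious_row_requests(SAMPLE_LOG):
        print(finding)
```

The same allow-list test, applied to "row" before its value is placed in the response and combined with HTML-encoding on output, is the corresponding server-side fix.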
Successful exploitation could allow a remote attacker to hijack an
authenticated session between a victim and the Juniper SA web interface.
Usage of the Single Sign-On (SSO) feature will severely increase the impact
as SSO automatically grants the hijacked session access to ot