CVE-2026-21904
Junos Space: ilpFilter field on nLegacy.jsp is vulnerable to reflected cross-site script injection
CVSS Score
6.1
EPSS Score
0.0%
EPSS Percentile
10th
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Juniper Networks Junos Space allows an attacker to inject script tags in the list filter field that, when visited by another user, enables the attacker to execute commands with the target's permissions, including an administrator. This issue affects all versions of Junos Space before 24.1R5 Patch V3.
| CWE | CWE-79 |
| Vendor | juniper networks |
| Product | junos space |
| Published | Apr 9, 2026 |
| Last Updated | Apr 10, 2026 |
Stay Ahead of the Next One
Get instant alerts for juniper networks junos space
Be the first to know when new medium vulnerabilities affecting juniper networks junos space are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None
Affected Versions
Juniper Networks / Junos Space
0 < 24.1R5 Patch V3