CVE-2014-2291

Name of the Vulnerable Software and Affected Versions Juniper Junos Pulse Secure Access Service (aka SSL VPN) versions prior to 7.1r18 Juniper Junos Pulse Secure Access Service (aka SSL VPN) versions 7.3 before 7.3r10 Juniper Junos Pulse Secure Access Service (aka SSL VPN) versions 7.4 before 7.4r8 Juniper Junos Pulse Secure Access Service (aka SSL VPN) versions 8.0 before 8.0r1

Description A cross-site scripting (XSS) issue exists in the Pulse Collaboration (Secure Meeting) user pages, allowing remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Recommendations For versions prior to 7.1r18, update to version 7.1r18 or later. For versions 7.3 before 7.3r10, update to version 7.3r10 or later. For versions 7.4 before 7.4r8, update to version 7.4r8 or later. For versions 8.0 before 8.0r1, update to version 8.0r1 or later.