PT-2018-6597 · Pulse Secure · Pulse Connect Secure, Pulse Policy Secure

Published: 2018-01-16 · Updated: 2018-02-06 · CVE-2017-17947

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Pulse Secure Pulse Connect Secure (PCS) versions 8.0R17.0 and earlier, 8.1.x through 8.1R12, 8.2.x through 8.2R8, 8.3.x through 8.3R2; Pulse Policy Secure (PPS) versions 5.2R9 and earlier, 5.3.x through 5.3R8, 5.4.x through 5.4R2
Description: A cross-site scripting (XSS) issue has been found in custompage.cgi because one of its URL parameters is not sanitized. Exploitation requires the user to be logged in as administrator and is not applicable to the end-user portal.
Recommendations: For Pulse Secure Pulse Connect Secure (PCS) versions 8.0R17.0 and earlier, 8.1.x through 8.1R12, 8.2.x through 8.2R8, 8.3.x through 8.3R2, update to version 8.0R17.0 or later, 8.1R13 or later, 8.2R9 or later, 8.3R3 or later respectively. For Pulse Policy Secure (PPS) versions 5.2R9 and earlier, 5.3.x through 5.3R8, 5.4.x through 5.4R2, update to version 5.2R10 or later, 5.3R9 or later, 5.4R3 or later respectively.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-17947

Affected Products

Pulse Connect Secure
Pulse Policy Secure