Jean-Frédéric Gauron

**Name of the Vulnerable Software and Affected Versions** Pulse Connect Secure and Pulse Policy Secure versions prior to 9.1R8.2 **Description** A vulnerability in the authenticated user web interface could allow attackers to conduct Cross-Site Scripting (XSS). **Recommendations** For Pulse Connect Secure and Pulse Policy Secure versions prior to 9.1R8.2, update to version 9.1R8.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pulse Connect Secure versions prior to 9.1R8.2 **Description** A vulnerability in the Pulse Connect Secure admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability. **Recommendations** For versions prior to 9.1R8.2, update to version 9.1R8.2 or later to resolve the issue.