PT-2016-6143 · Pulse · Pulse Connect Secure
Published
2016-05-26
·
Updated
2024-02-27
·
CVE-2016-4789
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Pulse Connect Secure (PCS) versions 7.4 through 7.4r13.3
Pulse Connect Secure (PCS) versions 8.0 through 8.0r8
Pulse Connect Secure (PCS) versions 8.1 through 8.1r1
Pulse Connect Secure (PCS) versions 8.2 through 8.2r0
Description
A cross-site scripting (XSS) issue exists in the system configuration section of the administrative user interface, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Recommendations
For Pulse Connect Secure (PCS) version 7.4, update to version 7.4r13.4 or later.
For Pulse Connect Secure (PCS) version 8.0, update to version 8.0r9 or later.
For Pulse Connect Secure (PCS) version 8.1, update to version 8.1r2 or later.
For Pulse Connect Secure (PCS) version 8.2, update to version 8.2r1 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pulse Connect Secure