PT-2019-10245 · Pulse Secure · Pulse Connect Secure
Published
2019-03-16
·
Updated
2024-02-27
·
CVE-2018-20807
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Pulse Secure Pulse Connect Secure (PCS) versions 8.1.x through 8.1R11
Pulse Secure Pulse Connect Secure (PCS) versions 8.2.x through 8.2R8
Pulse Secure Pulse Connect Secure (PCS) versions 8.3.x through 8.3R2
Description:
A cross-site scripting (XSS) issue has been discovered due to improper sanitization of one of the URL parameters in the welcome.cgi file.
Recommendations:
For versions 8.1.x through 8.1R11, update to version 8.1R12 or later.
For versions 8.2.x through 8.2R8, update to version 8.2R9 or later.
For versions 8.3.x through 8.3R2, update to version 8.3R3 or later.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pulse Connect Secure