CVE-2020-8217

Name of the Vulnerable Software and Affected Versions Pulse Connect Secure versions prior to 9.1R8

Description A cross-site scripting (XSS) issue exists due to insufficient cleaning of user-provided data transmitted through the URL used for Citrix ICA. This allows a remote attacker to conduct an XSS attack.

Recommendations For versions prior to 9.1R8, update to version 9.1R8 or later to resolve the issue. As a temporary workaround, consider restricting access to the URL used for Citrix ICA to minimize the risk of exploitation. Avoid using user-provided data in the affected URL until the issue is resolved.