PT-2021-15286 · Pulse Secure · Pulse Connect Secure

Published 2021-08-16 · Updated 2024-02-27 · CVE-2021-22936

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Pulse Connect Secure versions prior to 9.1R12

Description

A vulnerability could allow a threat actor to perform a cross-site scripting (XSS) attack against an authenticated administrator via an unsanitized web parameter.

Recommendations

For versions prior to 9.1R12, update to version 9.1R12 or later to resolve the issue. As a temporary workaround, consider restricting access to the web interface to minimize the risk of exploitation. Avoid using unsanitized web parameters in the affected API endpoints until the issue is resolved.

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2021-22936

Affected Products

Pulse Connect Secure