SA40771 - 2017-07 Security Bulletin: Pulse Connect Secure (PCS) / Pulse Policy Secure (PPS): Cross Site Scripting Issue

Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple cross site scripting issues has been found in the Pulse Connect Secure / Pulse Policy Secure device. The cause of this issue is due to incorrect validation of user input sent t...

CVE-2017-11196

Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page...

CVE-2017-11196

Pulse Connect Secure 8.3R1 is affected by a Cross-Site Request Forgery in logout.cgi. The admin panel logout is not protected by CSRF tokens, allowing an attacker to log out a user by enticing them to visit a malicious page. Connected documents confirm the issue and note remediation through softw...

CVE-2017-11196

Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page...