Pulse Connect Secure 'adminservercacertdetails.cgi' Reflective Cross-Site Scripting Vulnerability

Pulse Connect Secure aka PCS, formerly known as Juniper Junos Pulse is a suite of SSL VPN solutions from Pulse Secure, a US-based company. A reflected cross-site scripting vulnerability exists in the adminservercacertdetails.cgi file in PCS version 8.3R1. A remote attacker can exploit this...

CVE-2017-11194

Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clev...