Pulse Connect Secure Cross-Site Scripting Vulnerability (SA43018)

According to its self-reported version, the version of Pluse Connect Secure running on the remote host is affected by a cross-site scripting vulnerability in custompage.cgi. Refer to the vendor advisory for additional information. C Tenable Network Security, Inc. include"compat.inc"; if descripti...

CVE-2017-17947

CVE-2017-17947 is a cross-site scripting vulnerability in Pulse Secure’s Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) affecting custompage.cgi. The issue arises from one unsanitized URL parameter, enabling injected script when the attacker is authenticated as an administrator; it does...