2 matches found
SA40771 - 2017-07 Security Bulletin: Pulse Connect Secure (PCS) / Pulse Policy Secure (PPS): Cross Site Scripting Issue
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Multiple cross site scripting issues has been found in the Pulse Connect Secure / Pulse Policy Secure device. The cause of this issue is due to incorrect validation of user input sent t...
CVE-2017-11195
Pulse Connect Secure 8.3R1 is affected by a reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is echoed inside an IFRAME when it contains two quotes, with sanitization preventing simple quote closure but allowing javascript: or data: schemes to be abused. Affected component: launchHel...