4 matches found
SA43018 - 2018-01 Out-Of-Cycle Advisory: Pulse Connect Secure (PCS) / Pulse Policy Secure (PPS): Cross Site Scripting Issue
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. A cross site scripting issue with custompage.cgi has been found in the Pulse Connect Secure / Pulse Policy Secure device. The cause is due to one of the URL parameters not sanitized. Th...
Pulse Policy Secure Cross-Site Scripting Vulnerability (SA43018)
According to its self-reported version, the version of Pluse Policy Secure running on the remote host is affected by a cross-site scripting vulnerability in custompage.cgi. Refer to the vendor advisory for additional information. C Tenable Network Security, Inc. include"compat.inc"; if descriptio...
CVE-2017-17947
A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure PCS before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure PPS before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL...
CVE-2017-17947
CVE-2017-17947 is a cross-site scripting vulnerability in Pulse Secure’s Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) affecting custompage.cgi. The issue arises from one unsanitized URL parameter, enabling injected script when the attacker is authenticated as an administrator; it does...