Pulse Connect Secure@8.3r1.0 Security Vulnerabilities and Issues — Pulse Connect Secure@8.3r1.0 CVE List

Lucene search

PulsesecurePulse Connect Secure8.3r1.0

4 matches found

CVE•added 2017/07/12 8:29 p.m.•44 views

CVE-2017-11195

Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can us...

6.1CVSS5.9AI score0.00388EPSS

CVE•added 2017/07/12 8:29 p.m.•42 views

CVE-2017-11194

Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever...

6.1CVSS6AI score0.0024EPSS

CVE•added 2017/07/12 8:29 p.m.•40 views

CVE-2017-11196

Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page.

8.8CVSS8.5AI score0.00151EPSS

CVE•added 2017/07/12 8:29 p.m.•38 views

CVE-2017-11193

Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands...

8.8CVSS8.7AI score0.00151EPSS