CVE-2018-20808

MEDIUM

Pulse Connect Secure 8.3RX < 8.3R3 - Cross-Site Scripting via rd.cgi Header

Title source: llm

Description

An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43877/

Scores

CVSS v3 6.1

EPSS 0.0012

EPSS Percentile 30.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

ivanti/connect_secure 8.3 r1 (3 CPE variants)

Published Jun 28, 2019

Tracked Since Feb 18, 2026