CVE-2019-11507

MEDIUM EXPLOITED RANSOMWARE NUCLEI

Pulse Secure PCS <9.0R3 - XSS

Title source: llm

In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.

Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

MEDIUMby theamanrawat

Shodan: http.html:"welcome.cgi?p=logo" || http.title:"ivanti connect secure"

FOFA: body="welcome.cgi?p=logo" || title="ivanti connect secure"

CVSS v3 6.1

EPSS 0.0056

EPSS Percentile 68.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

VulnCheck KEV 2020-06-08

Ransomware Use Confirmed

CWE

CWE-79

Status published

Products (2)

ivanti/connect_secure 8.3 r1 (12 CPE variants)

ivanti/connect_secure 9.0 r1 (3 CPE variants)

Published May 08, 2019

Tracked Since Feb 18, 2026