Description
XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
References (4)
Core 4
Core References
Vendor Advisory x_refsource_confirm
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101
Vendor Advisory x_refsource_misc
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/108073
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/927237
Scores
CVSS v3
6.1
EPSS
0.0015
EPSS Percentile
34.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-79
Status
published
Products (44)
ivanti/connect_secure
8.1
ivanti/connect_secure
8.3
pulsesecure/pulse_connect_secure
8.1r1.0
pulsesecure/pulse_connect_secure
8.1rx
pulsesecure/pulse_connect_secure
8.3rx
pulsesecure/pulse_connect_secure
9.0r1
pulsesecure/pulse_connect_secure
9.0r2
pulsesecure/pulse_connect_secure
9.0r2.1
pulsesecure/pulse_connect_secure
9.0r3
pulsesecure/pulse_connect_secure
9.0r3.1
... and 34 more
Published
Apr 26, 2019
Tracked Since
Feb 18, 2026