CVE-2020-8263

Published: Oct 28, 2020Modified: Nov 21, 2024

5.4

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.

Affected (14)

Products: Pulsesecure: Pulse Secure Desktop Client

Pulsesecure

1 product

Pulse Secure Desktop Client

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Pulsesecure Pulse Secure Desktop Client	Before 9.1
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r1
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r2
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r3.1
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r3
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r4.1
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r4.2
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r4
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r5
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r6
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r7.1
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r7
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r8.2
Pulsesecure Pulse Secure Desktop Client	Version 9.1 r8

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Source: support@hackerone.com

Vendor Advisory

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.