CVE-2018-20807Cross-site Scripting in Ivanti Connect Secure

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.1%
top 69.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Ivanti Connect Secure
Timeline
PublishedJun 28
Latest updateMay 24

Description

An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

NVDivanti/connect_secure8.1, 8.2, 8.3+2

🔴Vulnerability Details

2
GHSA
GHSA-7xqg-h9pv-h2hr: An XSS issue has been found in welcome2022-05-24
CVEList
CVE-2018-20807: An XSS issue has been found in welcome2019-03-16
CVE-2018-20807 — Cross-site Scripting in Ivanti | cvebase