CVE-2018-20808
published 2019-06-28CVE-2018-20808: An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to…
PriorityP425medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
1.60%
72.8th percentile
An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ivanti | connect_secure | — | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ivanti
Ivanti Security Advisory: CVE-2018-20808
vendor_ivanti·2019-06-28·CVSS 6.1
CVE-2018-20808 [MEDIUM] CWE-79 Ivanti Security Advisory: CVE-2018-20808
Ivanti Security Advisory: CVE-2018-20808
An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.
CVE IDs: CVE-2018-20808
CVSS Base Score: 6.1
Severity: MEDIUM
CWEs: CWE-79
GHSA
GHSA-cgg9-3m27-m426: An XSS issue has been found with rd
ghsa_unreviewed·2022-05-24
CVE-2018-20808 [MEDIUM] CWE-79 GHSA-cgg9-3m27-m426: An XSS issue has been found with rd
An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-06-28
Published