CVE-2019-11543Cross-site Scripting in Ivanti Connect Secure

CWE-79Cross-site Scripting3 documents3 sources
Severity
6.1MEDIUMNVD
EPSS
0.2%
top 61.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Ivanti Connect SecurePulsesecure Pulse Connect SecurePulsesecure Pulse Policy Secure
Timeline
PublishedApr 26
Latest updateMay 24

Description

XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

NVDivanti/connect_secure8.1, 8.3+1

🔴Vulnerability Details

2
GHSA
GHSA-3w9v-5f2g-97c5: XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 92022-05-24
CVEList
CVE-2019-11543: XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 92019-04-26
CVE-2019-11543 — Cross-site Scripting in Ivanti | cvebase