CVE-2020-8263 — Cross-site Scripting in Pulse Secure Desktop Client

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.3%

top 42.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pulsesecure Pulse Secure Desktop Client Pulse Connect Secure Pulse Policy Secure

Timeline

PublishedOct 28

Latest updateMay 24

Description

A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5pulse_connect_secure/pulse_policy_secure9.1R9

▶NVDpulsesecure/pulse_secure_desktop_client< 9.1+1

🔴Vulnerability Details

GHSA

GHSA-73rw-h6xr-x6hm: A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9↗2022-05-24

▶

CVEList

CVE-2020-8263: A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9↗2020-10-28

▶