cvebase

Pulsesecure Pulse Connect Secure vulnerabilities

57 known vulnerabilities affecting pulsesecure/pulse_connect_secure.

Total CVEs: 57
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: CRITICAL 5, HIGH 27, MEDIUM 25

Vulnerabilities

Page 3 of 3
CVE-2019-11543 | P4 | MEDIUM | CVSS 6.1 | v8.1r1.0; v8.1rx; +8 more | 2019-04-26
CVE-2019-11543 [MEDIUM] CWE-79: XSS exists in the admin web console in Pulse Secure Pulse Connect Secure (PCS) 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, and 5.2RX before 5.2R12.1.
Source: nvd
CVE-2020-8238 | P4 | MEDIUM | CVSS 6.1 | ≤ 9.0 | 2020-09-30
CVE-2020-8238 [MEDIUM] CWE-79: A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).
Source: nvd
CVE-2020-8262 | P4 | MEDIUM | CVSS 6.1 | fixed in 9.1 | 2020-10-28
CVE-2020-8262 [MEDIUM] CWE-79: A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
Source: nvd
CVE-2021-22936 | P4 | MEDIUM | CVSS 6.1 | fixed in 9.1; vFixed in 9.1R12 | 2021-08-16
CVE-2021-22936 [MEDIUM] CWE-79: A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
Source: nvd
CVE-2017-11194 | P4 | MEDIUM | CVSS 6.1 | v8.3r1.0 | 2017-07-12
CVE-2017-11194 [MEDIUM] CWE-79: Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as pin
Source: nvd
CVE-2020-8217 | P4 | MEDIUM | CVSS 5.4 | ≤ 9.0; vFixed in 9.1R8 | 2020-07-30
CVE-2020-8217 [MEDIUM] CWE-79: A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.
Source: nvd
CVE-2020-12880 | P4 | MEDIUM | CVSS 5.5 | ≤ 9.0 | 2020-07-27
CVE-2020-12880 [MEDIUM]: An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect Secure (PCS) Virtual Appliance before 9.1R8. By manipulating a certain kernel boot parameter, it can be tricked into dropping into a root shell in a pre-install phase where the entire source code of the appliance is available and can be retrieved. (The source code is otherwise inaccessib
Source: nvd
CVE-2020-8204 | P4 | MEDIUM | CVSS 6.1 | ≤ 9.0; vFixed in 9.1R5 | 2020-07-30
CVE-2020-8204 [MEDIUM] CWE-79: A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
Source: nvd
CVE-2016-4789 | P4 | MEDIUM | CVSS 6.1 | v8.1r1.0; v7.4 | 2016-05-26
CVE-2016-4789 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: nvd
CVE-2017-11195 | P4 | MEDIUM | CVSS 6.1 | v8.3r1.0 | 2017-07-12
CVE-2017-11195 [MEDIUM] CWE-79: Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this.
Source: nvd
CVE-2020-8261 | P4 | MEDIUM | CVSS 4.3 | fixed in 9.1 | 2020-10-28
CVE-2020-8261 [MEDIUM] CWE-120: A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
Source: nvd
CVE-2016-4790 | P4 | MEDIUM | CVSS 5.5 | v8.1r1.0; v7.4 | 2016-05-26
CVE-2016-4790 [MEDIUM] CWE-79: Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Source: nvd
CVE-2018-14366 | P4 | MEDIUM | CVSS 6.1 | v8.1r1.0; v8.1rx; +1 more | 2018-09-06
CVE-2018-14366 [MEDIUM] CWE-601: download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerability.
Source: nvd
CVE-2020-15408 | P4 | MEDIUM | CVSS 4.6 | ≤ 9.1 | 2020-07-28
CVE-2020-15408 [MEDIUM]: An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated attacker can access the admin page console via the end-user web interface because of a rewrite.
Source: nvd
CVE-2020-8216 | P4 | MEDIUM | CVSS 4.3 | ≤ 9.0; vFixed in 9.1R8 | 2020-07-30
CVE-2020-8216 [MEDIUM] CWE-200: An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID.
Source: nvd
CVE-2018-9849 | P4 | MEDIUM | CVSS 5.5 | ≥ 8.1, < 8.1r14; ≥ 8.2, < 8.2r11; +1 more | 2018-05-10
CVE-2018-9849 [MEDIUM]: Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before 8.2R11, and 8.3.x before 8.3R5 do not properly process nested XML entities, which allows remote attackers to cause a denial of service (memory consumption and memory errors) via a crafted XML document.
Source: nvd
CVE-2017-17947 | P4 | MEDIUM | CVSS 4.8 | fixed in 8.0r17.0; ≥ 8.1, < 8.1r13; +2 more | 2018-01-16
CVE-2017-17947 [MEDIUM] CWE-79: A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. Exploitation does requir
Source: nvd