Reset Search
 

 

Article

JSA10375 - Pulse Connect Secure (PCS): Cross-Site Scripting Vulnerability

« Go Back

Information

 
Product Affected
Problem
Older software versions of Pulse Connect Secure are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute an arbitrary script. This issue is caused by an input validation error in the "dana-na/auth/rdremediate.cgi" script when processing the "delivery_mode" parameter, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Solution
Pulse Secure has resolved this issue in PCS software version 5.5r3 Build 12029 and higher.
Workaround
Implementation
Related Links
CVSS Score
Risk Assessment
Acknowledgements
Alert TypePSN - Product Support Notification
Risk LevelHigh
Attachment 1 
Attachment 2 
Legacy IDPSN-2008-03-002, JSA10375

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255