Multiple cross site scripting issues has been found in the Pulse Connect Secure / Pulse Policy Secure device. The cause of this issue is due to incorrect validation of user input sent to the web server. This does require the user to be logged in as administrator and not applicable end user portal.
These issues have been assigned the following CVEs:
This issue is applicable to all supported PCS / PPS releases. Pulse Secure is working on tentative timelines for these releases. The advisory will be updated once these releases are available.