


JSA10402 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Multiple Web-based CGI and Cross Site Scripting (XSS) vulnerabilities.



Product Affected: SA 500, SA 700, SA 1000, SA 2000, SA 2500, SA 3000, SA 4000, SA 4500, SA 5000, SA 6000, SA 6500, FIPS SA 4000, FIPS SA 6000; IC: IC4000, IC4500, IC6000, IC6500, FIPS IC 4000, FIPS IC 6000
CGI and Cross Site Scripting vulnerabilities were found and fixed through a combination of internal and external proactive security testing:
- Internal path was displayed in some error messages
- Parameter injection and XSS issues in File Browsing web pages (not applicable to UAC)
- XSS and response-splitting issues in File Browsing web pages (not applicable to UAC)
- XSS issues in Secure Meeting web page and launch CGI (not applicable to UAC)
- Issue with insufficient validation on parameters in dana-na/download URL
Pulse Secure recommends upgrading to one of the following or later releases:
PCS: 5.5R7.1; 6.0R8; 6.1R7; 6.2R3; 6.3R2
PPS: 2.2R3
No workarounds exist for these CGI and XSS issues. The software upgrades recommended in this Security Advisory are synchronized with the recommendations in the other advisories (PSN-2009-03-248 and PSN-2009-03-249). This enables customers to upgrade once and have all issues resolved with the upgrade.
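The following is an added example, not part of the advisory or any Pulse Secure tooling: a small check that compares device versions from an inventory against the fixed releases listed above. It assumes version strings have the shape major.minorRrelease[.patch] and that a release is only comparable to the fixed release of its own major.minor branch; the host names in the inventory are constructed.

```python
import re

# Fixed releases from the advisory, keyed by (product, branch) -> (release, patch).
FIXED = {
    ("PCS", (5, 5)): (7, 1),
    ("PCS", (6, 0)): (8, 0),
    ("PCS", (6, 1)): (7, 0),
    ("PCS", (6, 2)): (3, 0),
    ("PCS", (6, 3)): (2, 0),
    ("PPS", (2, 2)): (3, 0),
}

# Assumed version shape: <major>.<minor>R<release>[.<patch>], e.g. 5.5R7.1
VERSION_RE = re.compile(r"^(\d+)\.(\d+)R(\d+)(?:\.(\d+))?$", re.IGNORECASE)

def parse_version(text):
    """Split '5.5R7.1' into branch (5, 5) and release (7, 1)."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, rel, patch = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (rel, patch)

def check(product, version):
    """Return 'fixed', 'upgrade' or 'unknown' for one device."""
    branch, release = parse_version(version)
    fixed = FIXED.get((product.upper(), branch))
    if fixed is None:
        # Branch not named in the advisory: do not guess, flag for review.
        return "unknown"
    # Tuple comparison is numeric, so 6.0R10 sorts after 6.0R8.
    return "fixed" if release >= fixed else "upgrade"

# Constructed inventory: (host, product, running version).
INVENTORY = [
    ("vpn-gw-01", "PCS", "6.0R10"),
    ("vpn-gw-02", "PCS", "5.5R7"),
    ("nac-01", "PPS", "2.2R3"),
    ("vpn-gw-03", "PCS", "6.4R1"),
]

def audit(inventory):
    """Map each host to its status against the advisory's fixed releases."""
    return {host: check(product, version) for host, product, version in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown" run a branch the advisory does not list and need to be checked against vendor guidance by hand.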
Risk Assessment: You can gain unauthorized access to protected resources.
Alert Type: PSN - Product Support Notification
Risk Level: Medium
Legacy ID: PSN-2009-03-250, JSA10402