Reset Search



JSA10375 - Pulse Connect Secure (PCS): Cross-Site Scripting Vulnerability

« Go Back


Product Affected
Older software versions of Pulse Connect Secure are prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute an arbitrary script. This issue is caused by an input validation error in the "dana-na/auth/rdremediate.cgi" script when processing the "delivery_mode" parameter, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Pulse Secure has resolved this issue in PCS software version 5.5r3 Build 12029 and higher.
Related Links
CVSS Score
Risk Assessment
Alert TypePSN - Product Support Notification
Risk LevelHigh
Attachment 1 
Attachment 2 
Legacy IDPSN-2008-03-002, JSA10375



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255