JSA10461 - Cross-site scripting vulnerabilities in file browsing pages

Product Affected
This is a zero day issue which affects all versions of Pulse Connect Secure.
Problem
A cross-site scripting (XSS) vulnerability was found in the file browsing scripts used by the PCS device. It was discovered using tools specifically designed to test for XSS issues. Exploiting this vulnerability could result in elevated access to the device's resources.
Solution
Vulnerable script elements are now escaped to avoid XSS injection.

Software updates to PCS have been released to resolve this issue. Releases containing the fix include PCS 6.0r14 released on 2010-09-15, 6.5r6 released on 2010-08-03, 7.0r2 released on 2010-08-31, and all subsequent releases of PCS.

This issue is being tracked as PR 534218. 
 
Workaround
None.
Implementation
How to obtain fixed software:

Software release Service Packages are available at https://www.pulsesecure.net/support/software.
CVSS Score
5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Alert Type
PSN - Product Support Notification
Risk Level
Medium
Legacy ID
PSN-2010-12-109, JSA10461
