JSA10490 - 2011-09 Security Bulletin: Pulse Connect Secure (PCS): Cross Site Scripting Issues


Information

 
Product Affected
PCS: SA 500, SA 700, SA 2000, SA 2500, SA 4000, SA 4500, SA 6000, SA 6500, SA 4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS, MAG2600, MAG4610, MAG-SM160, MAG-SM360
Problem
Cross Site Scripting vulnerabilities were found and fixed through a combination of internal and external proactive security testing:
- Cross Site Scripting issue found in Secure Meeting web page.
- Cross Site Scripting issue found in Network Connect web page.
- Cross Site Scripting issue found in Terminal Access web page.
- Cross Site Scripting issue found in Session Manager web page.

Pulse Secure would like to acknowledge n.runs AG for reporting one of the above issues.
Solution
The following PCS software releases include a fix for these issues: PCS 6.5R10, 7.0R7, 7.1R4 or higher.
We recommend upgrading your PCS software to resolve this security vulnerability.

Note: Pulse Secure policy is to publish fixes only for releases that have not yet reached End-of-Engineering. These issues were reported before 6.5 reached its End-of-Engineering date, so the fixes for this release are published in this Security Bulletin.
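
An added example, not part of the bulletin or of any Pulse Secure tooling: a triage script that compares reported PCS versions against the fixed releases listed above. The version-string shape, the reading of "or higher" as covering branches later than 7.1, and the sample inventory are assumptions.

```python
import re

# Fixed releases per branch, from the bulletin: 6.5R10; 7.0R7; 7.1R4 or higher.
FIXED = {(6, 5): (10, 0), (7, 0): (7, 0), (7, 1): (4, 0)}

# Assumed version-string shape: <major>.<minor>R<release>[.<patch>], e.g. "7.0R6.1".
_VERSION = re.compile(r"^\s*(\d+)\.(\d+)R(\d+)(?:\.(\d+))?\s*$", re.IGNORECASE)


def parse_version(text):
    """Split a version string into ((major, minor), (release, patch))."""
    m = _VERSION.match(text)
    if not m:
        raise ValueError(f"unrecognised PCS version string: {text!r}")
    major, minor, release, patch = (int(g) if g else 0 for g in m.groups())
    return (major, minor), (release, patch)


def triage(text):
    """Classify one reported version against the bulletin's fixed releases."""
    try:
        branch, release = parse_version(text)
    except ValueError:
        return "unknown"            # unparseable: check the device by hand
    if branch in FIXED:
        return "fixed" if release >= FIXED[branch] else "needs-upgrade"
    if branch > max(FIXED):
        return "fixed"              # assumption: "or higher" covers later branches
    return "no-fix-listed"          # bulletin names no fixed release for this branch


def report(inventory):
    """Map each host to its triage status; input is {host: version string}."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed inventory; hostnames and versions are made up for illustration.
SAMPLE = {
    "vpn-edge-01": "6.5R9.2",
    "vpn-edge-02": "7.0R7",
    "vpn-edge-03": "7.1R3",
    "vpn-lab-01": "7.1R4.1",
    "vpn-old-01": "6.4R5",
    "vpn-dr-01": "n/a",
}

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host:12} {SAMPLE[host]:10} {status}")
```

Hosts reported as `no-fix-listed` or `unknown` need a manual check, since the bulletin names fixed releases only for the 6.5, 7.0 and 7.1 branches.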


 
Workaround
None.
Implementation
Related Links
Patched Software Release Service Packages are available at the Pulse Secure Licensing and Download Center: https://my.pulsesecure.net. Documentation for the relevant software is also available at the Pulse Secure Licensing and Download Center.
CVSS Score
5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Risk Assessment
An attacker can gain unauthorized access to protected resources.
Acknowledgements
Alert Type
PSN - Product Support Notification
Risk Level
Medium
Legacy ID
PSN-2011-08-344, JSA10490
