JSA10502 - 2012-03 Security Bulletin: Pulse Connect Secure (PCS): Cross Site Scripting Issue

Product Affected: SA 700, SA 2000, SA 2500, SA 4000, SA 4500, SA 6000, SA 6500, SA 4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS, MAG2600, MAG4610, MAG-SM160, MAG-SM360

A cross-site scripting issue has been found in the Pulse Connect Secure device. The issue is caused by incorrect validation of user input sent to the web server. It exists within a file that pertains to the Network Connect (NC) / Pulse Secure client feature, which is only accessible by an authenticated user.

This issue was found during proactive security testing of the PCS device.

The following software releases have a fix for this issue: PCS 7.0R9, 7.1R6 or higher.

Pulse Secure recommends upgrading your PCS software to resolve this security vulnerability.
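
To check a device inventory against the fixed releases listed above, the following is an added example, not Pulse Secure code. It assumes version strings of the form `<major>.<minor>R<release>` with optional dotted sub-releases, treats branches later than 7.1 as covered by "or higher", and uses constructed hostnames.

```python
import re

# Fixed releases stated in the bulletin: PCS 7.0R9 and 7.1R6.
FIXED = {(7, 0): (9,), (7, 1): (6,)}
NEWEST_FIXED_BRANCH = max(FIXED)

# Assumed string shape: <major>.<minor>R<release>[.<sub>...], e.g. "7.1R6.1".
VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)R(\d+(?:\.\d+)*)\s*$", re.IGNORECASE)


def parse_version(text):
    """Split a version string into (branch, release) integer tuples."""
    m = VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised PCS version: {text!r}")
    branch = (int(m.group(1)), int(m.group(2)))
    release = tuple(int(part) for part in m.group(3).split("."))
    return branch, release


def has_fix(version):
    """True if the release is at or above the fixed release for its branch."""
    branch, release = parse_version(version)
    if branch in FIXED:
        return release >= FIXED[branch]
    # Assumption: branches after 7.1 fall under "or higher"; branches
    # before 7.0 have no fixed release listed in the bulletin.
    return branch > NEWEST_FIXED_BRANCH


def triage(inventory):
    """Map each host to 'fixed', 'upgrade', or 'unknown' (unparseable)."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = "fixed" if has_fix(version) else "upgrade"
        except ValueError:
            report[host] = "unknown"
    return report


# Constructed sample inventory (hostnames and versions are illustrative).
INVENTORY = {"vpn-a.example": "7.0R8", "vpn-b.example": "7.1R6.1",
             "vpn-c.example": "7.1R5.2", "vpn-d.example": "n/a"}

if __name__ == "__main__":
    for host, status in triage(INVENTORY).items():
        print(f"{host}: {INVENTORY[host]} -> {status}")
```

Hosts reported as `unknown` need a manual check of the running release rather than being counted as fixed.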

Disabling VPN Tunneling at the role level will remove the issue. This would only be recommended if your users are not using Network Connect / Pulse Secure client to access the PCS device.

Software release Service Packages are available at
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Risk Assessment: A successful cross site scripting exploit would allow an attacker to dynamically generate web content to their liking which could be rendered in the user's browser. This could allow possible session theft or other possible information disclosure.
Alert Type: PSN - Product Support Notification
Risk Level: Medium
Legacy ID: PSN-2012-02-513, JSA10502


