Reset Search



JSA10511 - 2012-06 Security Bulletin: Pulse Connect Secure (PCS): Cross site scripting issue

« Go Back


Product AffectedPCS: SA 700, SA 2000, SA 2500, SA 4000, SA 4500, SA 6000, SA 6500, SA 4000 FIPS, SA 6000 FIPS, SA 4500 FIPS, SA 6500 FIPS, MAG2600, MAG4610, MAG-SM160, MAG-SM360
A cross site scripting issue has been found in the Pulse Connect Secure (PCS) product. The issue is the result of incorrect validation of user input sent to the PCS web server. This issue exists within a file that pertains to login pages.


No other Pulse Secure products or platforms are affected by this issue.

The issue is fixed in PCS releases 7.1R1, 7.2R1, and all subsequent releases.






There are no viable workarounds for this issue.

Related Links
To access the latest software, please visit:
CVSS Score5.0
Risk AssessmentSuccessful exploit of this vulnerability could allow an attacker to dynamically create arbitrary active content which could be rendered in the user's browser, leading to possible session theft or other information disclosure.
Alert TypePSN - Product Support Notification
Risk LevelMedium
Attachment 1 
Attachment 2 
Legacy IDPSN-2012-06-609, JSA10511



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255