Reset Search



JSA10554 - 2013-03: Security Bulletin: Pulse Connect Secure (PCS): Multiple cross site scripting issues

« Go Back


Product AffectedPCS: SA700, SA2500, SA2000, FIPS SA4000, SA4500, SA4000, FIPS SA4500, FIPS SA6000, SA6500, SA6000, FIPS SA6500, MAG2600, MAG4610, MAG6610, MAG6611, Virtual Appliance
Multiple cross site scripting issues have been found in the Pulse Connect Secure (PCS) product. The issue is the result of incorrect validation of user input sent to the web server. This issue exists within a file that pertains to login pages, as well as a support related page that is only accessible by an authenticated session.

Pulse Secure SIRT is not aware of any malicious exploitation of this vulnerability.

The issues contained in this advisory are fixed in PCS OS releases 7.1r13, 7.2r7, 7.3r2, and all subsequent releases.

There are no known workarounds for this issue. The only way to correct this vulnerability is to upgrade to software that contains a fix.
To download the latest release of Pulse Secure software, please go to

Related Links
CVSS Score7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Risk Assessment
Pulse Secure would like to thank Anil Pazvant for responsibly reporting one of the issues contained in this advisory to us.
Alert TypePSN - Product Support Notification
Risk LevelHigh
Attachment 1 
Attachment 2 
Legacy IDPSN-2013-03-874, JSA10554



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255