A cross site scripting issue has been found in Pulse Connect Secure (PCS). The problem is a result of incorrect user input validation on the PCS web server. The issue exists within a file that pertains to the PCS web rewriting feature pages that are only accessible by an authenticated session. This issue is only present when web rewrite is enabled on a user's role.
Pulse Secure SIRT is not aware of any malicious exploitation of these vulnerabilities.
No other Pulse Secure products or platforms are affected by this issue.
This issue has been assigned CVE-2013-6956