A cross site scripting issue has been found in the Pulse Connect Secure product. The problem is a result of incorrect user input validation on the web server. The issue exists within a file that pertains to the Pulse Collaboration (Secure Meeting) user pages that are only accessible by an authenticated session. This issue is only present when the Pulse Collaboration feature is enabled on a user's role.
Pulse Secure SIRT is not aware of any malicious exploitation of this vulnerability.
This issue has been assigned CVE-2014-2291