In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.
https://www.kb.cert.org/vuls/id/927237
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516
https://kb.pulsesecure.net/?atype=sa
https://www.tenable.com/blog/cve-2018-13379-cve-2019-11510-fortigate-and-pulse-connect-secure-vulnerabilities-exploited-in
https://www.tenable.com/blog/cve-2019-11510-proof-of-concept-available-for-arbitrary-file-disclosure-in-pulse-connect-secure
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
http://www.securityfocus.com/bid/108073
Source: Mitre, NVD
Published: 2019-05-08
Updated: 2024-02-27
Base Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
Severity: Medium
Base Score: 6.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.00424