CVE-2019-11507medium
Description
In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.
References
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44101/
https://kb.pulsesecure.net/?atype=sa
https://i.blackhat.com/USA-19/Wednesday/us-19-Tsai-Infiltrating-Corporate-Intranet-Like-NSA.pdf
http://www.securityfocus.com/bid/108073
https://www.kb.cert.org/vuls/id/927237
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44516
Details
Source: MITRE
Published: 2019-05-08
Updated: 2023-03-24
Type: CWE-79
Risk Information
CVSS v2
Base Score: 4.3
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Impact Score: 2.9
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 6.1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Impact Score: 2.7
Exploitability Score: 2.8
Severity: MEDIUM