Junos Pulse Secure Access IVE OS XSS (JSA10646)
Medium Nessus Plugin ID 77690
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version, the version of IVE running on the remote host is affected by a cross site scripting vulnerability due to incorrect user input validation on the SSL VPN web server. Note that this issue exists within a web page that is only accessible by an authenticated user session.
SolutionUpgrade to Juniper Junos IVE OS version 7.1r20 / 7.4r13 / 8.0r6. or later.