A cross-site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. Exploitation does require the user to be logged in as administrator; the issue is not applicable to the end user portal.
References
Link | Resource |
---|---|
http://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43018 | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-16T21:00:00
Updated: 2018-01-16T20:57:01
Reserved: 2017-12-28T00:00:00
Link: CVE-2017-17947
NVD Information
Status: Analyzed
Published: 2018-01-16T21:29:00.250
Modified: 2018-02-06T15:24:21.600
Link: CVE-2017-17947
Redhat Information
No data.
CWE