A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1.
References
Link | Resource |
---|---|
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-12-20T09:00:00
Updated: 2018-12-20T08:57:01
Reserved: 2018-12-20T00:00:00
Link: CVE-2018-20306
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-12-20T09:29:00.433
Modified: 2019-01-08T14:37:32.307
Link: CVE-2018-20306
JSON object: View
Redhat Information
No data.
CWE