5.4
CVE-2018-20306
- EPSS 0.18%
- Published 20.12.2018 09:29:00
- Last modified 21.11.2024 04:01:11
- Source cve@mitre.org
A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1.
Data provided by the National Vulnerability Database (NVD)
Pulsesecure ≫ Virtual Traffic Manager Version >= 9.9 < 9.9r2
Pulsesecure ≫ Virtual Traffic Manager Version >= 10.4 < 10.4r1
Pulsesecure ≫ Virtual Traffic Manager Version >= 17.2 < 17.2r1
No CISA KEV entry or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.18% | 0.368 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 5.4 | 2.3 | 2.7 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
nvd@nist.gov | 3.5 | 6.8 | 2.9 | AV:N/AC:M/Au:S/C:N/I:P/A:N |
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.