6.1

CVE-2019-11507

Exploit

In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.

Data is provided by the National Vulnerability Database (NVD)
IvantiConnect Secure Version8.3 Updater1
IvantiConnect Secure Version8.3 Updater1.1
IvantiConnect Secure Version8.3 Updater2
IvantiConnect Secure Version8.3 Updater2.1
IvantiConnect Secure Version8.3 Updater3
IvantiConnect Secure Version8.3 Updater4
IvantiConnect Secure Version8.3 Updater5
IvantiConnect Secure Version8.3 Updater5.1
IvantiConnect Secure Version8.3 Updater5.2
IvantiConnect Secure Version8.3 Updater6
IvantiConnect Secure Version8.3 Updater6.1
IvantiConnect Secure Version8.3 Updater7
IvantiConnect Secure Version9.0 Updater1
IvantiConnect Secure Version9.0 Updater2
IvantiConnect Secure Version9.0 Updater2.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.43% 0.618
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.1 2.8 2.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
cve@mitre.org 5.8 1.6 3.7
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://www.securityfocus.com/bid/108073
Third Party Advisory
Broken Link
VDB Entry
https://www.kb.cert.org/vuls/id/927237
Third Party Advisory
US Government Resource
https://kb.pulsesecure.net/?atype=sa
Third Party Advisory
Vendor Advisory