5.4

CVE-2020-8217

A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to exploit in the URL used for Citrix ICA.

Data is provided by the National Vulnerability Database (NVD)
IvantiConnect Secure Version9.1 Update-
IvantiConnect Secure Version9.1 Updater1
IvantiConnect Secure Version9.1 Updater2
IvantiConnect Secure Version9.1 Updater3
IvantiConnect Secure Version9.1 Updater4
IvantiConnect Secure Version9.1 Updater4.1
IvantiConnect Secure Version9.1 Updater4.2
IvantiConnect Secure Version9.1 Updater4.3
IvantiConnect Secure Version9.1 Updater5
IvantiConnect Secure Version9.1 Updater6
IvantiConnect Secure Version9.1 Updater7
PulsesecurePulse Connect Secure Version <= 9.0
IvantiPolicy Secure Version9.1 Update-
IvantiPolicy Secure Version9.1 Updater1
IvantiPolicy Secure Version9.1 Updater2
IvantiPolicy Secure Version9.1 Updater3
IvantiPolicy Secure Version9.1 Updater3.1
IvantiPolicy Secure Version9.1 Updater4
IvantiPolicy Secure Version9.1 Updater4.1
IvantiPolicy Secure Version9.1 Updater4.2
IvantiPolicy Secure Version9.1 Updater5
IvantiPolicy Secure Version9.1 Updater6
IvantiPolicy Secure Version9.1 Updater7
PulsesecurePulse Policy Secure Version <= 9.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.14% 0.301
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5.4 2.3 2.7
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov 3.5 6.8 2.9
AV:N/AC:M/Au:S/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.