CVE-2020-8238

EPSS 1.7%CWE-79

A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).

Affected products

Pulse Secure · Pulse Connect Secure/ Pulse Policy Secure

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44588 https://www.gosecure.net/blog/2020/11/13/forget-your-perimeter-part-2-four-vulnerabilities-in-pulse-connect-secure/