A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter.
2021-08-16T19:15:13.627
2024-11-21T05:50:58.300
Modified
CVSSv3.1: 6.1 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:P/A:N
8.6
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | ivanti | connect_secure | 9.1 | Yes |
Application | ivanti | connect_secure | 9.1 | Yes |
Application | ivanti | connect_secure | 9.1 | Yes |
Application | ivanti | connect_secure | 9.1 | Yes |
Application | ivanti | connect_secure | 9.1 | Yes |
Application | ivanti | connect_secure | 9.1 | Yes |
Application | ivanti | connect_secure | 9.1 | Yes |
Application | ivanti | connect_secure | 9.1 | Yes |
Application | ivanti | connect_secure | 9.1 | Yes |
Application | ivanti | connect_secure | 9.1 | Yes |
Application | ivanti | connect_secure | 9.1 | Yes |
Application | ivanti | connect_secure | 9.1 | Yes |
Application | pulsesecure | pulse_connect_secure | < 9.1 | Yes |