GCVE - cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1.0:*:*:*:*:*:*:*

part: a version: 8.3r1.0 update: *

Vendor	Pulsesecure (`a066ac83-6375-5788-bb66-aece7b4a523c`)
Product	Pulse Connect Secure (`ffff61d6-2129-50b3-b84c-402360bb2a82`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-11196`	vulnerable	2026-06-03 14:36:27.846920	Details available Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page. Published: 2017-07-12T20:00:00.000Z Updated: 2024-08-05T18:05:28.802Z Open on db.gcve.eu Reference links https://twitter.com/sxcurity/status/884556905145937921 http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf http://www.securityfocus.com/bid/99613	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-11195`	vulnerable	2026-06-03 14:36:27.846608	Details available Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this. Published: 2017-07-12T20:00:00.000Z Updated: 2024-08-05T18:05:28.610Z Open on db.gcve.eu Reference links https://twitter.com/sxcurity/status/884556905145937921 http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf http://www.securityfocus.com/bid/99615	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-11194`	vulnerable	2026-06-03 14:36:27.846279	Details available Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to inject tags. An attacker could come up with clever payloads to make the system run commands such as ping, ping6, traceroute, nslookup, arp, etc. Published: 2017-07-12T20:00:00.000Z Updated: 2024-08-05T18:05:28.659Z Open on db.gcve.eu Reference links https://twitter.com/sxcurity/status/884556905145937921 http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-11193`	vulnerable	2026-06-03 14:36:27.845864	Details available Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an attacker to run these commands against any IP if they can get an admin to visit their malicious CSRF page. Published: 2017-07-12T20:00:00.000Z Updated: 2024-08-05T18:05:28.456Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/99621 https://twitter.com/sxcurity/status/884556905145937921 http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Pulse Connect Secure

PURL mappings

Vulnerability references

Contribute