CVE-2017-17947

N/A

A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. Exploitation does require the user to be logged in as administrator; the issue is not applicable to the end user portal.

N/A

N/A

Pulse Connect Secure和Pulse Policy Secure 跨站脚本漏洞

Pulse Connect Secure（PCS）和Pulse Policy Secure（PPS）都是美国Pulse Secure公司的产品。Pulse Connect Secure是一套SSL VPN解决方案。Pulse Policy Secure是一套NAC和BYOD解决方案。 PCS和PPS中的custompage.cgi文件存在跨站脚本漏洞，该漏洞源于程序没有过滤URL参数。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。以下版本受到影响：Pulse Connect Secure 8.0R

N/A

N/A