First published: Wed May 08 2019(Updated: )
In Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3, an XSS issue has been found on the Application Launcher page.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Pulsesecure Pulse Connect Secure | =8.3-r1 | |
Pulsesecure Pulse Connect Secure | =8.3-r1.1 | |
Pulsesecure Pulse Connect Secure | =8.3-r2 | |
Pulsesecure Pulse Connect Secure | =8.3-r2.1 | |
Pulsesecure Pulse Connect Secure | =8.3-r3 | |
Pulsesecure Pulse Connect Secure | =8.3-r4 | |
Pulsesecure Pulse Connect Secure | =8.3-r5 | |
Pulsesecure Pulse Connect Secure | =8.3-r5.1 | |
Pulsesecure Pulse Connect Secure | =8.3-r5.2 | |
Pulsesecure Pulse Connect Secure | =8.3-r6 | |
Pulsesecure Pulse Connect Secure | =8.3-r6.1 | |
Pulsesecure Pulse Connect Secure | =8.3-r7 | |
Pulsesecure Pulse Connect Secure | =9.0-r1 | |
Pulsesecure Pulse Connect Secure | =9.0-r2 | |
Pulsesecure Pulse Connect Secure | =9.0-r2.1 | |
Ivanti Connect Secure | =8.3-r1 | |
Ivanti Connect Secure | =8.3-r1.1 | |
Ivanti Connect Secure | =8.3-r2 | |
Ivanti Connect Secure | =8.3-r2.1 | |
Ivanti Connect Secure | =8.3-r3 | |
Ivanti Connect Secure | =8.3-r4 | |
Ivanti Connect Secure | =8.3-r5 | |
Ivanti Connect Secure | =8.3-r5.1 | |
Ivanti Connect Secure | =8.3-r5.2 | |
Ivanti Connect Secure | =8.3-r6 | |
Ivanti Connect Secure | =8.3-r6.1 | |
Ivanti Connect Secure | =8.3-r7 | |
Ivanti Connect Secure | =9.0-r1 | |
Ivanti Connect Secure | =9.0-r2 | |
Ivanti Connect Secure | =9.0-r2.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-11507 is a vulnerability in Pulse Secure Pulse Connect Secure (PCS) 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 that allows for cross-site scripting (XSS) attacks on the Application Launcher page.
CVE-2019-11507 has a severity score of 6.1, which is considered medium.
CVE-2019-11507 affects Pulse Connect Secure versions 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3.
CVE-2019-11507 can be exploited through cross-site scripting (XSS) attacks on the Application Launcher page of Pulse Connect Secure.
Yes, you can find more information about CVE-2019-11507 at the following sources: [1] SecurityFocus, [2] Devco.re blog, [3] Black Hat presentation on infiltrating corporate intranets.