What is CVE-2020-8262?

CVE-2020-8262 is a vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 that could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.

How does the CVE-2020-8262 vulnerability affect Pulse Connect Secure?

The CVE-2020-8262 vulnerability affects Pulse Connect Secure versions below 9.1R9, allowing attackers to perform Cross-Site Scripting (XSS) and Open Redirection attacks on the authenticated user web interface.

What is the severity of CVE-2020-8262?

CVE-2020-8262 has a severity rating of 6.1, which is considered medium.

How can I fix the CVE-2020-8262 vulnerability?

To fix the CVE-2020-8262 vulnerability, it is recommended to update Pulse Connect Secure / Pulse Policy Secure to version 9.1R9 or later.

Where can I find more information about CVE-2020-8262?

More information about CVE-2020-8262 can be found in the Pulse Security Advisories article at: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601.

Vulnerability/
CVE-2020-8262

medium

6.1

CWE

28/10/2020

4/8/2024

CVE-2020-8262: XSS

First published: Wed Oct 28 2020(Updated: )

A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.

Credit: support@hackerone.com support@hackerone.com

Affected Software	Affected Version	How to fix
Pulsesecure Pulse Connect Secure	<9.1
Pulsesecure Pulse Connect Secure	=9.1-r1
Pulsesecure Pulse Connect Secure	=9.1-r2
Pulsesecure Pulse Connect Secure	=9.1-r3
Pulsesecure Pulse Connect Secure	=9.1-r4
Pulsesecure Pulse Connect Secure	=9.1-r5
Pulsesecure Pulse Connect Secure	=9.1-r6
Pulsesecure Pulse Connect Secure	=9.1-r7
Pulsesecure Pulse Connect Secure	=9.1-r8
Pulsesecure Pulse Policy Secure	<9.1
Pulsesecure Pulse Policy Secure	=9.1-r1
Pulsesecure Pulse Policy Secure	=9.1-r2
Pulsesecure Pulse Policy Secure	=9.1-r3
Pulsesecure Pulse Policy Secure	=9.1-r4
Pulsesecure Pulse Policy Secure	=9.1-r5
Pulsesecure Pulse Policy Secure	=9.1-r6
Pulsesecure Pulse Policy Secure	=9.1-r7
Pulsesecure Pulse Policy Secure	=9.1-r8
Ivanti Connect Secure	=9.1-r1
Ivanti Connect Secure	=9.1-r2
Ivanti Connect Secure	=9.1-r3
Ivanti Connect Secure	=9.1-r4
Ivanti Connect Secure	=9.1-r5
Ivanti Connect Secure	=9.1-r6
Ivanti Connect Secure	=9.1-r7
Ivanti Connect Secure	=9.1-r8
Ivanti Policy Secure	=9.1-r1
Ivanti Policy Secure	=9.1-r2
Ivanti Policy Secure	=9.1-r3
Ivanti Policy Secure	=9.1-r4
Ivanti Policy Secure	=9.1-r5
Ivanti Policy Secure	=9.1-r6
Ivanti Policy Secure	=9.1-r7
Ivanti Policy Secure	=9.1-r8

Never miss a vulnerability like this again

Reference Links

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Frequently Asked Questions

What is CVE-2020-8262?
CVE-2020-8262 is a vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 that could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
How does the CVE-2020-8262 vulnerability affect Pulse Connect Secure?
The CVE-2020-8262 vulnerability affects Pulse Connect Secure versions below 9.1R9, allowing attackers to perform Cross-Site Scripting (XSS) and Open Redirection attacks on the authenticated user web interface.
What is the severity of CVE-2020-8262?
CVE-2020-8262 has a severity rating of 6.1, which is considered medium.
How can I fix the CVE-2020-8262 vulnerability?
To fix the CVE-2020-8262 vulnerability, it is recommended to update Pulse Connect Secure / Pulse Policy Secure to version 9.1R9 or later.
Where can I find more information about CVE-2020-8262?
More information about CVE-2020-8262 can be found in the Pulse Security Advisories article at: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601.

collector/nvd-index
agent/type
agent/first-publish-date
agent/references
agent/author
agent/severity
agent/weakness
agent/event
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/last-modified-date
agent/softwarecombine
agent/tags
agent/description
collector/mitre-cve
source/MITRE
vendor/pulsesecure
canonical/pulsesecure pulse connect secure
version/pulsesecure pulse connect secure/9.1-r1
version/pulsesecure pulse connect secure/9.1-r2
version/pulsesecure pulse connect secure/9.1-r3
version/pulsesecure pulse connect secure/9.1-r4
version/pulsesecure pulse connect secure/9.1-r5
version/pulsesecure pulse connect secure/9.1-r6
version/pulsesecure pulse connect secure/9.1-r7
version/pulsesecure pulse connect secure/9.1-r8
canonical/pulsesecure pulse policy secure
version/pulsesecure pulse policy secure/9.1-r1
version/pulsesecure pulse policy secure/9.1-r2
version/pulsesecure pulse policy secure/9.1-r3
version/pulsesecure pulse policy secure/9.1-r4
version/pulsesecure pulse policy secure/9.1-r5
version/pulsesecure pulse policy secure/9.1-r6
version/pulsesecure pulse policy secure/9.1-r7
version/pulsesecure pulse policy secure/9.1-r8
vendor/ivanti
canonical/ivanti connect secure
version/ivanti connect secure/9.1-r1
version/ivanti connect secure/9.1-r2
version/ivanti connect secure/9.1-r3
version/ivanti connect secure/9.1-r4
version/ivanti connect secure/9.1-r5
version/ivanti connect secure/9.1-r6
version/ivanti connect secure/9.1-r7
version/ivanti connect secure/9.1-r8
canonical/ivanti policy secure
version/ivanti policy secure/9.1-r1
version/ivanti policy secure/9.1-r2
version/ivanti policy secure/9.1-r3
version/ivanti policy secure/9.1-r4
version/ivanti policy secure/9.1-r5
version/ivanti policy secure/9.1-r6
version/ivanti policy secure/9.1-r7
version/ivanti policy secure/9.1-r8