What is CVE-2020-8263?

CVE-2020-8263 is a vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 that could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.

What software versions are affected by CVE-2020-8263?

The Pulse Secure Desktop Client versions 9.1, up to and including 9.1R8.2, are affected by CVE-2020-8263.

How severe is CVE-2020-8263?

CVE-2020-8263 has a severity rating of 5.4, which is considered medium.

How can attackers exploit CVE-2020-8263?

Attackers can exploit CVE-2020-8263 by conducting Cross-Site Scripting (XSS) attacks through the CGI file in the authenticated user web interface of Pulse Connect Secure.

Where can I find more information about CVE-2020-8263?

You can find more information about CVE-2020-8263 in the Pulse Secure Security Advisory at the following link: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Vulnerability/
CVE-2020-8263

medium

5.4

CWE

28/10/2020

4/8/2024

CVE-2020-8263: XSS

Q: What software versions are affected by CVE-2020-8263?

The Pulse Secure Desktop Client versions 9.1, up to and including 9.1R8.2, are affected by CVE-2020-8263.

Q: How severe is CVE-2020-8263?

CVE-2020-8263 has a severity rating of 5.4, which is considered medium.

Q: How can attackers exploit CVE-2020-8263?

Attackers can exploit CVE-2020-8263 by conducting Cross-Site Scripting (XSS) attacks through the CGI file in the authenticated user web interface of Pulse Connect Secure.

Q: Where can I find more information about CVE-2020-8263?

You can find more information about CVE-2020-8263 in the Pulse Secure Security Advisory at the following link: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

First published: Wed Oct 28 2020(Updated: )

A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.

Credit: support@hackerone.com

Affected Software	Affected Version	How to fix
Pulsesecure Pulse Secure Desktop Client	<9.1
Pulsesecure Pulse Secure Desktop Client	=9.1-r1
Pulsesecure Pulse Secure Desktop Client	=9.1-r2
Pulsesecure Pulse Secure Desktop Client	=9.1-r3
Pulsesecure Pulse Secure Desktop Client	=9.1-r3.1
Pulsesecure Pulse Secure Desktop Client	=9.1-r4
Pulsesecure Pulse Secure Desktop Client	=9.1-r4.1
Pulsesecure Pulse Secure Desktop Client	=9.1-r4.2
Pulsesecure Pulse Secure Desktop Client	=9.1-r5
Pulsesecure Pulse Secure Desktop Client	=9.1-r6
Pulsesecure Pulse Secure Desktop Client	=9.1-r7
Pulsesecure Pulse Secure Desktop Client	=9.1-r7.1
Pulsesecure Pulse Secure Desktop Client	=9.1-r8
Pulsesecure Pulse Secure Desktop Client	=9.1-r8.2

Never miss a vulnerability like this again

Reference Links

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

Frequently Asked Questions

What is CVE-2020-8263?
CVE-2020-8263 is a vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 that could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.
What software versions are affected by CVE-2020-8263?
The Pulse Secure Desktop Client versions 9.1, up to and including 9.1R8.2, are affected by CVE-2020-8263.
How severe is CVE-2020-8263?
CVE-2020-8263 has a severity rating of 5.4, which is considered medium.
How can attackers exploit CVE-2020-8263?
Attackers can exploit CVE-2020-8263 by conducting Cross-Site Scripting (XSS) attacks through the CGI file in the authenticated user web interface of Pulse Connect Secure.
Where can I find more information about CVE-2020-8263?
You can find more information about CVE-2020-8263 in the Pulse Secure Security Advisory at the following link: https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601

collector/nvd-index
agent/references
agent/severity
agent/author
agent/type
agent/weakness
agent/event
agent/description
agent/softwarecombine
agent/last-modified-date
agent/first-publish-date
agent/tags
collector/mitre-cve
source/MITRE
vendor/pulsesecure
canonical/pulsesecure pulse secure desktop client
version/pulsesecure pulse secure desktop client/9.1-r1
version/pulsesecure pulse secure desktop client/9.1-r2
version/pulsesecure pulse secure desktop client/9.1-r3
version/pulsesecure pulse secure desktop client/9.1-r3.1
version/pulsesecure pulse secure desktop client/9.1-r4
version/pulsesecure pulse secure desktop client/9.1-r4.1
version/pulsesecure pulse secure desktop client/9.1-r4.2
version/pulsesecure pulse secure desktop client/9.1-r5
version/pulsesecure pulse secure desktop client/9.1-r6
version/pulsesecure pulse secure desktop client/9.1-r7
version/pulsesecure pulse secure desktop client/9.1-r7.1
version/pulsesecure pulse secure desktop client/9.1-r8
version/pulsesecure pulse secure desktop client/9.1-r8.2