First published: Mon Aug 16 2021
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site scripting attack against an authenticated administrator via an unsanitized web parameter.
Credit: support@hackerone.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pulsesecure Pulse Connect Secure | <9.1 | |
Pulsesecure Pulse Connect Secure | =9.1 | |
Pulsesecure Pulse Connect Secure | =9.1-r1.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r10.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r11.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r2.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r3.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r4.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r5.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r6.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r7.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r8.0 | |
Pulsesecure Pulse Connect Secure | =9.1-r9.0 | |
Ivanti Connect Secure | =9.1 | |
Ivanti Connect Secure | =9.1-r1.0 | |
Ivanti Connect Secure | =9.1-r10.0 | |
Ivanti Connect Secure | =9.1-r11.0 | |
Ivanti Connect Secure | =9.1-r2.0 | |
Ivanti Connect Secure | =9.1-r3.0 | |
Ivanti Connect Secure | =9.1-r4.0 | |
Ivanti Connect Secure | =9.1-r5.0 | |
Ivanti Connect Secure | =9.1-r6.0 | |
Ivanti Connect Secure | =9.1-r7.0 | |
Ivanti Connect Secure | =9.1-r8.0 | |
Ivanti Connect Secure | =9.1-r9.0 | |
The severity of CVE-2021-22936 is medium with a CVSS score of 6.1.
CVE-2021-22936 affects Pulse Connect Secure versions before 9.1R12.
CVE-2021-22936 is a cross-site scripting (XSS) vulnerability.
A threat actor can exploit CVE-2021-22936 by performing a cross-site scripting attack against an authenticated administrator via an unsanitized web parameter.
Yes, a fix for CVE-2021-22936 is available in Pulse Connect Secure version 9.1R12.