| Max CVSS | 6.8 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2017-11193 | 6.8 |
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF.
|
20-07-2017 - 01:34 | 12-07-2017 - 20:29 | |
| CVE-2017-11196 | 6.8 |
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an attacker to logout a user by making them visit a malicious web page.
|
19-07-2017 - 01:29 | 12-07-2017 - 20:29 | |
| CVE-2017-11195 | 4.3 |
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote a
|
19-07-2017 - 01:29 | 12-07-2017 - 20:29 | |
| CVE-2017-11194 | 4.3 |
Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an attacker to i
|
17-07-2017 - 17:18 | 12-07-2017 - 20:29 |