{"vulnerability": "CVE-2022-21826", "sightings": [{"uuid": "641797be-1a66-4b18-8621-f58d10820f1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-21826", "type": "seen", "source": "https://t.me/cibsecurity/50786", "content": "\u203c CVE-2022-21826 \u203c\n\nPulse Secure version 9.115 and below may be susceptible to client-side http request smuggling, When the application receives a POST request, it ignores the request's Content-Length header and leaves the POST body on the TCP/TLS socket. This body ends up prefixing the next HTTP request sent down that connection, this means when someone loads website attacker may be able to make browser issue a POST to the application, enabling XSS.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-09-30T20:36:26.000000Z"}]}