Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pulsesecure pulse connect secure 8.3r1.0 vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2017-11193
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the diag.cgi file is responsible for running commands such as ping, ping6, traceroute, traceroute6, nslookup, arp, and Portprobe. These functions do not have any protections against CSRF. That can allow an malicious u...
Pulsesecure Pulse Connect Secure 8.3r1.0
6.1
CVSSv3
CVE-2017-11195
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However,...
Pulsesecure Pulse Connect Secure 8.3r1.0
8.8
CVSSv3
CVE-2017-11196
Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function of the admin panel is not protected by any CSRF tokens, thus allowing an malicious user to logout a user by making them visit a malicious web page.
Pulsesecure Pulse Connect Secure 8.3r1.0
6.1
CVSSv3
CVE-2017-11194
Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. In the admin panel, the certid parameter of adminservercacertdetails.cgi is reflected in the application's response and is not properly sanitized, allowing an malicious user to inject tags. An atta...
Pulsesecure Pulse Connect Secure 8.3r1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started