Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pulse Connect Secure 安全漏洞
Vulnerability Description
Pulse Connect Secure(又名PCS,前称Juniper Junos Pulse)是美国Pulse Secure公司的一套SSL VPN解决方案。 PCS 8.3R1版本中的launchHelp.cgi文件存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的脚本代码或HTML。
CVSS Information
N/A
Vulnerability Type
N/A