Rapid7 Vulnerability & Exploit Database

Pulse Secure Pulse Connect Secure: CVE-2013-5649: Pulse Connect Secure (PCS) Multiple cross site scripting issues (JSA10589)

Back to Search

Pulse Secure Pulse Connect Secure: CVE-2013-5649: Pulse Connect Secure (PCS) Multiple cross site scripting issues (JSA10589)

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
09/13/2013
Created
10/28/2020
Added
10/28/2020
Modified
10/28/2020

Description

Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.1 before 7.1r15, 7.2 before 7.2r11, 7.3 before 7.3r6, and 7.4 before 7.4r3 allow (1) remote attackers to inject arbitrary web script or HTML via vectors involving login pages, and allow (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a support page.

Solution(s)

  • pulse-secure-pulse-connect-secure-upgrade-7_1r15
  • pulse-secure-pulse-connect-secure-upgrade-7_2r11
  • pulse-secure-pulse-connect-secure-upgrade-7_3r6
  • pulse-secure-pulse-connect-secure-upgrade-7_4r3

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;