Vulnerability Details : CVE-2017-11195
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2017-11195
- cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3r1.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-11195
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 39 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-11195
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST | |
6.1
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
2.8
|
2.7
|
NIST |
CWE ids for CVE-2017-11195
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-11195
-
http://www.securityfocus.com/bid/99615
Pulse Connect Secure CVE-2017-11195 Cross Site Scripting Vulnerability
-
http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf
Third Party Advisory
-
https://twitter.com/sxcurity/status/884556905145937921
Corben Leo on Twitter: "[New] Pulse Connect Secure (Enterprise-Level SSL VPN) - Multiple XSS & CSRF leading to Command Injection https://t.co/13sSu1Dl0w"Third Party Advisory
Jump to