CVE-2018-20807
28.06.2019, 18:15
An XSS issue has been found in welcome.cgi in Pulse Secure Pulse Connect Secure (PCS) 8.1.x before 8.1R12, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 due to one of the URL parameters not being sanitized properly.
| Vendor | Product | Version |
|---|---|---|
| ivanti | connect_secure | 8.1:r1.0 |
| ivanti | connect_secure | 8.1:r1.1 |
| ivanti | connect_secure | 8.1:r10.0 |
| ivanti | connect_secure | 8.1:r11.0 |
| ivanti | connect_secure | 8.1:r11.1 |
| ivanti | connect_secure | 8.1:r2.0 |
| ivanti | connect_secure | 8.1:r2.1 |
| ivanti | connect_secure | 8.1:r3.1 |
| ivanti | connect_secure | 8.1:r3.2 |
| ivanti | connect_secure | 8.1:r4.0 |
| ivanti | connect_secure | 8.1:r4.1 |
| ivanti | connect_secure | 8.1:r5.0 |
| ivanti | connect_secure | 8.1:r6.0 |
| ivanti | connect_secure | 8.1:r7 |
| ivanti | connect_secure | 8.1:r7.0 |
| ivanti | connect_secure | 8.1:r8.0 |
| ivanti | connect_secure | 8.1:r9.0 |
| ivanti | connect_secure | 8.1:r9.1 |
| ivanti | connect_secure | 8.1:r9.2 |
| ivanti | connect_secure | 8.2:r1 |
| ivanti | connect_secure | 8.2:r1.0 |
| ivanti | connect_secure | 8.2:r1.1 |
| ivanti | connect_secure | 8.2:r2.0 |
| ivanti | connect_secure | 8.2:r3.0 |
| ivanti | connect_secure | 8.2:r3.1 |
| ivanti | connect_secure | 8.2:r4.0 |
| ivanti | connect_secure | 8.2:r4.1 |
| ivanti | connect_secure | 8.2:r5.0 |
| ivanti | connect_secure | 8.2:r5.1 |
| ivanti | connect_secure | 8.2:r6.0 |
| ivanti | connect_secure | 8.2:r7.0 |
| ivanti | connect_secure | 8.2:r7.1 |
| ivanti | connect_secure | 8.2:r7.2 |
| ivanti | connect_secure | 8.2:r8.0 |
| ivanti | connect_secure | 8.2:r8.1 |
| ivanti | connect_secure | 8.2:r8.2 |
| ivanti | connect_secure | 8.3:r1 |
| ivanti | connect_secure | 8.3:r2 |
| ivanti | connect_secure | 8.3:r2.1 |
𝑥
= Vulnerable software versions