Vulnerabilities > Pulsesecure > Pulse Connect Secure > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-07-12 CVE-2017-11195 Cross-site Scripting vulnerability in Pulsesecure Pulse Connect Secure 8.3R1.0
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. 		4.3
4.3
2017-07-12 CVE-2017-11194 Cross-site Scripting vulnerability in Pulsesecure Pulse Connect Secure 8.3R1.0
Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. 		4.3
4.3
2017-07-12 CVE-2017-11193 Cross-Site Request Forgery (CSRF) vulnerability in Pulsesecure Pulse Connect Secure 8.3R1.0
Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. 		6.8
6.8
2016-05-26 CVE-2016-4790 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
pulsesecure ivanti CWE-79
5.5
5.5
2016-05-26 CVE-2016-4789 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
pulsesecure ivanti CWE-79
6.1
6.1
2016-05-26 CVE-2016-4788 Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors.
network
low complexity
ivanti pulsesecure
5.8
5.8