Vulnerabilities > Pulsesecure > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-07-12 | CVE-2017-11194 | Cross-site Scripting vulnerability in Pulsesecure Pulse Connect Secure 8.3R1.0 Pulse Connect Secure 8.3R1 has Reflected XSS in adminservercacertdetails.cgi. | 4.3 |
| 2017-07-12 | CVE-2017-11193 | Cross-Site Request Forgery (CSRF) vulnerability in Pulsesecure Pulse Connect Secure 8.3R1.0 Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. | 6.8 |
| 2016-05-26 | CVE-2016-4790 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.5 |
| 2016-05-26 | CVE-2016-4789 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-05-26 | CVE-2016-4788 | Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r10, and 7.4 before 7.4r13.4 allow remote attackers to read an unspecified system file via unknown vectors. | 5.8 |
| 2016-03-01 | CVE-2016-0800 | Information Exposure vulnerability in multiple products The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a "DROWN" attack. | 5.9 |