CVE-2017-11195
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this.
Pulse Connect Secure versión 8.3R1, tiene una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en el archivo launchHelp.cgi. El parámetro helpLaunchPage es reflejado en un elemento IFRAME, si el valor contiene dos comillas. Al sanear apropiadamente las comillas y las etiquetas, entonces no se puede cerrar el src con una comilla e inyectar después de esta. Sin embargo, un atacante puede usar javascript: o data: para abusar de esto.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-07-12 CVE Reserved
- 2017-07-12 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/99615 | Vdb Entry | |
http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20Secure%20v8.3R1.pdf | Third Party Advisory | |
https://twitter.com/sxcurity/status/884556905145937921 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Pulsesecure Search vendor "Pulsesecure" | Pulse Connect Secure Search vendor "Pulsesecure" for product "Pulse Connect Secure" | 8.3r1.0 Search vendor "Pulsesecure" for product "Pulse Connect Secure" and version "8.3r1.0" | - |
Affected
|