CVE-2017-11195 — MEDIUM (6.1)

Vulnerability Description

Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags, so one cannot simply close the src with a quote and inject after that. However, an attacker can use javascript: or data: to abuse this.

CVSS Score

6.1

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Pulsesecure	Pulse Connect Secure	8.3r1.0

Related Weaknesses (CWE)

CWE-79

References

http://www.securityfocus.com/bid/99615
http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20SecThird Party Advisory
https://twitter.com/sxcurity/status/884556905145937921Third Party Advisory
http://www.securityfocus.com/bid/99615
http://www.sxcurity.pro/Multiple%20XSS%20and%20CSRF%20in%20Pulse%20Connect%20SecThird Party Advisory
https://twitter.com/sxcurity/status/884556905145937921Third Party Advisory

FAQ

What is CVE-2017-11195?

CVE-2017-11195 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The helpLaunchPage parameter is reflected in an IFRAME element, if the value contains two quotes. It properly sanitizes quotes and tags,...

How severe is CVE-2017-11195?

CVE-2017-11195 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-11195?

Check the references section above for vendor advisories and patch information. Affected products include: Pulsesecure Pulse Connect Secure.