cvedb.io
CVE-2017-17947
MEDIUM · CVSS 4.8
EPSS exploitation probability: 0%
Published 2018-01-16T21:29:00.250 · Last modified 2026-06-17T01:11:56.403

Summary

A cross-site scripting (XSS) issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized. Exploitation does require the user to be logged in as administrator; the issue is not applicable to the end user portal.

Affected products

pulsesecure — pulse_connect_secure

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.