CVE-2016-4790

Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1r1.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:ivanti:connect_secure:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:a:pulsesecure:pulse_connect_secure:7.4:*:*:*:*:*:*:*

Configuration 4 (hide)

cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*

History

21 Nov 2024, 02:52

Type Values Removed Values Added
References () http://www.securitytracker.com/id/1035932 - () http://www.securitytracker.com/id/1035932 -
References () https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40211 - Vendor Advisory () https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA40211 - Vendor Advisory

27 Feb 2024, 21:04

Type Values Removed Values Added
First Time Ivanti connect Secure
Ivanti
CPE cpe:2.3:a:pulsesecure:pulse_connect_secure:8.1:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.2:*:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.0:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:8.2:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:8.1:*:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:8.0:*:*:*:*:*:*:*

Information

Published : 2016-05-26 14:59

Updated : 2024-11-21 02:52


NVD link : CVE-2016-4790

Mitre link : CVE-2016-4790

CVE.ORG link : CVE-2016-4790


JSON object : View

Products Affected

pulsesecure

  • pulse_connect_secure

ivanti

  • connect_secure
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')