CVE-2018-20808

An XSS issue has been found with rd.cgi in Pulse Secure Pulse Connect Secure 8.3RX before 8.3R3 due to improper header sanitization. This is not applicable to 8.1RX.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:8.3:r2:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:8.3:r2.1:*:*:*:*:*:*

History

27 Feb 2024, 21:04

Type Values Removed Values Added
CPE cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r1:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r2:*:*:*:*:*:*
cpe:2.3:a:pulsesecure:pulse_connect_secure:8.3:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:8.3:r1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:8.3:r2.1:*:*:*:*:*:*
cpe:2.3:a:ivanti:connect_secure:8.3:r2:*:*:*:*:*:*
First Time Ivanti connect Secure
Ivanti

Information

Published : 2019-06-28 18:15

Updated : 2024-02-28 17:08


NVD link : CVE-2018-20808

Mitre link : CVE-2018-20808

CVE.ORG link : CVE-2018-20808


JSON object : View

Products Affected

ivanti

  • connect_secure
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')