CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-20306

A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HTML via a crafted website and steal sensitive data and credentials. Affected releases are Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.5%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA43730

Products affected by CVE-2018-20306

Pulsesecure » Virtual Traffic Manager » Version: 10.4

cpe:2.3:a:pulsesecure:virtual_traffic_manager:10.4
Pulsesecure » Virtual Traffic Manager » Version: 17.2

cpe:2.3:a:pulsesecure:virtual_traffic_manager:17.2
Pulsesecure » Virtual Traffic Manager » Version: 9.9

cpe:2.3:a:pulsesecure:virtual_traffic_manager:9.9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-20306

Products

Pricing

Contact Us