A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting attack.

Related CVEs

CVE-2023-38551

Key Information

GHSA ID

GHSA-99x9-vrrc-xxw3

Published

May 31, 2024 6:31 PM

Last Modified

March 27, 2025 9:31 PM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: June 16, 2025 6:25 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.