Cross-Site Scripting Vulnerabilities in ForeScout CounterACT Appliance
CVE-2012-1825

Currently unrated

Key Information:

Vendor: Forescout
Status: Counteract
Vendor: CVE Published:; 11 June 2012

What is CVE-2012-1825?

The ForeScout CounterACT appliance contains multiple cross-site scripting (XSS) vulnerabilities, specifically within the status program. These vulnerabilities impact versions 6.3.3.2 through 6.3.4.10, allowing remote attackers to inject arbitrary web scripts or HTML. This can be exploited via the 'loginname' parameter during the 'forgotpass' action or through the 'username' parameter, potentially leading to unauthorized actions and data exposure. To mitigate these risks, users are advised to update to the latest versions and implement security measures.

References

http://www.kb.cert.org/vuls/id/815532

third-party-advisoryx_refsource_CERT-VN

http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Jun 11, 2012

Forescout

What is CVE-2012-1825?

References

Timeline