Multiple Cross-Site Scripting Vulnerabilities in Forescout CounterACT NAC Device
CVE-2012-4983

Currently unrated

Key Information:

Vendor: Forescout
Status: Counteract
Vendor: CVE Published:; 5 December 2012

What is CVE-2012-4983?

The Forescout CounterACT NAC device is prone to multiple cross-site scripting (XSS) vulnerabilities that enable remote attackers to inject arbitrary web script or HTML. Specifically, attackers can exploit these vulnerabilities through the 'a' parameter in assets/login or via the query parameter in assets/rangesearch on versions prior to 7.0. This exposure can allow attackers to manipulate web pages and potentially compromise the security of users interacting with the affected system.

References

http://www.reactionpenetrationtesting.co.uk/forescout-nac...

x_refsource_MISC

http://www.securityfocus.com/bid/56688

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 5, 2012
Vulnerability Reserved
Sep 19, 2012