exploitDog

CVE-2012-1825

Опубликовано: 11 июн. 2012

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter.

Ссылки

http://www.kb.cert.org/vuls/id/815532
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ
US Government Resource
http://www.kb.cert.org/vuls/id/815532
US Government Resource
http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:forescout:counteract:6.3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:forescout:counteract:6.3.4.10:*:*:*:*:*:*:*

EPSS

Процентиль: 74%

0.00842

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-9cg8-95q4-2fg3

github

больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter.

EPSS

Процентиль: 74%

0.00842

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79