CVE-2012-1825

Name of the Vulnerable Software and Affected Versions ForeScout CounterACT appliance versions 6.3.3.2 through 6.3.4.10

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the status program. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via specific parameters. The vulnerable parameters are the loginname parameter in a forgotpass action and the username parameter.

Recommendations For ForeScout CounterACT appliance versions 6.3.3.2 through 6.3.4.10, avoid using the loginname parameter in a forgotpass action and the username parameter until a fix is available. As a temporary workaround, consider restricting access to the forgotpass action and limiting the use of the username parameter to minimize the risk of exploitation.