CVE-2012-6559

Name of the Vulnerable Software and Affected Versions FreeNAC version 3.02

Description The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters, including the comment, mac, graphtype, name, or type parameter to "stats.php", or the comment parameter to "deviceadd.php".

Recommendations For FreeNAC version 3.02, update the software to a version that includes a fix for this issue, as using outdated versions may expose the system to XSS attacks. As a temporary workaround, consider restricting access to the "stats.php" and "deviceadd.php" scripts until a patch is available. Avoid using the vulnerable parameters, such as comment, mac, graphtype, name, or type, in the affected API endpoints until the issue is resolved.