CVE-2012-4983

Name of the Vulnerable Software and Affected Versions Forescout CounterACT NAC device versions prior to 7.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the a parameter to the "assets/login" endpoint or the query parameter to the "assets/rangesearch" endpoint.

Recommendations For versions prior to 7.0, update to version 7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "assets/login" and "assets/rangesearch" endpoints to minimize the risk of exploitation. Avoid using the a and query parameters in these endpoints until the issue is resolved.