CVE-2012-1825: XSS
First published: Mon Jun 11 2012(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ForeScout CounterACT | =6.3.3.2 | |
| ForeScout CounterACT | =6.3.4.10 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2012-1825?
CVE-2012-1825 is rated as medium severity due to the potential for cross-site scripting attacks.
What systems are affected by CVE-2012-1825?
CVE-2012-1825 affects ForeScout CounterACT versions 6.3.3.2 through 6.3.4.10.
How do I fix CVE-2012-1825?
To fix CVE-2012-1825, it is recommended to upgrade to a version of ForeScout CounterACT that is not affected.
What types of attacks can CVE-2012-1825 facilitate?
CVE-2012-1825 can allow remote attackers to execute arbitrary web scripts or HTML via specific parameters.
Is CVE-2012-1825 a documented vulnerability?
Yes, CVE-2012-1825 is documented and has been listed in official vulnerability databases.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/forescout
- canonical/forescout counteract
- version/forescout counteract/6.3.3.2
- version/forescout counteract/6.3.4.10