CVE-2012-1825 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the status program on the ForeScout CounterACT appliance with software 6.3.3.2 through 6.3.4.10 allow remote attackers to inject arbitrary web script or HTML via (1) the loginname parameter in a forgotpass action or (2) the username parameter.

Reference

http://www.kb.cert.org/vuls/id/815532 http://www.kb.cert.org/vuls/id/MAPG-8TWMEJ