CVE-2012-6029

Cisco Nac Appliance < 4.9.2 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109.

References (2)

[Vendor Advisory] http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029

[Various Sources] http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/

Scores

EPSS 0.0024

EPSS Percentile 46.2%

Details

CWE

CWE-79

Status published

Products (12)

cisco/nac_appliance < 4.9.2

cisco/nac_appliance

... and 2 more

Published Jan 31, 2013

Tracked Since Feb 18, 2026