8 matches found
EUVD-2012-5903
Malware in sbrugna...
Cisco NAC Appliance Cross-Site Scripting Vulnerability
Cisco NAC Appliance contains a vulnerability that could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to insufficient validation of user-supplied input processed by the affected software. An unauthenticated, remote attacker could explo...
CVE-2012-6029
Multiple cross-site scripting XSS vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 cm or 2 uri parameters to a perfigoweblogin.jsp, or the 3 cm, 4 provider, 5 session, 6 uri, 7...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 cm or 2 uri parameters to a perfigoweblogin.jsp, or the 3 cm, 4 provider, 5 session, 6 uri, 7...
CVE-2012-6029
Multiple cross-site scripting XSS vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 cm or 2 uri parameters to a perfigoweblogin.jsp, or the 3 cm, 4 provider, 5 session, 6 uri, 7...
CVE-2012-6029
CVE-2012-6029 affects Cisco NAC Appliance 4.9.2 and earlier. The vulnerability is a set of cross-site scripting flaws in the web-authentication flow, exploitable by an unauthenticated, remote attacker who persuades a user to follow a malicious URL. Specifically, XSS can be triggered via parameter...
KLA10104 CI vulnerability in Cisco NAC Appliance
XSS vulnerabilities were found in the Cisco NAC Appliance. By exploiting this vulnerability malicious users can inject arbitrary web scripts. This vulnerability can be exploited from the network at a point related to web-auth. Original advisories Cisco bulletin Related products...
Code injection
Cisco Network Admission Control NAC Appliance 3.5.x, 3.6.x before 3.6.4.4, 4.0.x before 4.0.6, and 4.1.x before 4.1.2 allows remote attackers to obtain the shared secret for the Clean Access Server CAS and Clean Access Manager CAM by sniffing error logs...