Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cisco nac appliance 3.6 |
||
cisco nac appliance 4.8 |
||
cisco nac appliance - |
||
cisco nac appliance 4.1 |
||
cisco nac appliance 4.7.2 |
||
cisco nac appliance 4.7.1 |
||
cisco nac appliance 4.7 |
||
cisco nac appliance 4.6 |
||
cisco nac appliance 4.5 |
||
cisco nac appliance 4.0 |
||
cisco nac appliance |