CVE-2012-6029

CVE Database · CVE-2012-6029

CVE-2012-6029

· N/AModified

CVSS v3.1

N/A

EPSS

0.97%

Published

Jan 31, 2013

Modified

Apr 28, 2026

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the web-authentication function on the Cisco NAC Appliance 4.9.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) cm or (2) uri parameters to (a) perfigo_weblogin.jsp, or the (3) cm, (4) provider, (5) session, (6) uri, (7) userip, or (8) username parameters to (b) perfigo_cm_validate.jsp, aka Bug ID CSCud15109.

Weaknesses (CWE)

CWE-79

Affected Products (11)

cisco · nac_appliancevulnerable

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029

Vendor Advisory

http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2012-6029

Vendor Advisory

http://www.secureworks.com/cyber-threat-intelligence/advisories/SWRX-2013-001/

KEV Catalog EPSS Scores Vendors All CVEs