vendor:
PacketFence Network Access Controller
by:
K053
7.5
CVSS
HIGH
Injection Flaw
20
CWE
Product Name: PacketFence Network Access Controller
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Private Networks
2009
Injection Flaw in PacketFence Network Access Controller
PacketFence is a fully supported, Free and Open Source network access control (NAC) system. The application is vulnerable to injection flaw like Xss, HTML Code injection. Attacker can perform attack via post method by manipulating passed data or entering malicious code in the username field.
Mitigation:
Input validation should be done on passed data to prevent injection flaws.