Multiple cross-site scripting (XSS) vulnerabilities on the Forescout CounterACT NAC device before 7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the a parameter to assets/login or (2) the query parameter to assets/rangesearch.
Forescout NAC (Network Access Control) version 6.3.4.1 suffers from ICMP and ARP protocols not being filtered, cross site scripting, and cross site redirection vulnerabilities.