Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Cross-site scripting (XSS) vulnerability in the web management interface in F5 BIG-IP 9.4.3 allows remote attackers to inject arbitrary web script or HTML via (1) the name of a node object, or the (2) sysContact or (3) sysLocation SNMP configuration field, aka "Audit Log XSS." NOTE: these issues might be resultant from cross-site request forgery (CSRF) vulnerabilities.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
F5 Big-IP Web管理界面审计日志跨站脚本漏洞
Vulnerability Description
F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的多合一网络设备。 F5 BIG-IP的Web管理界面的审计日志工具存在跨站脚本漏洞。日志项未经HTML编码便直接输出,这允许攻击者创建内嵌了脚本的日志项,如果管理员查看了审计日志就会执行恶意脚本。 一种可能的攻击方式是创建在节点名中嵌入了脚本的节点对象,由于不支持的字符,创建这个节点会失败,但仍会创建审计日志;此外还可以创建特制的URL链接,该链接会生成内嵌有HTTP GET请求的日志项,因此可以远程利用这个漏洞。
CVSS Information
N/A
Vulnerability Type
N/A