N/A

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

N/A

对生成代码的控制不恰当(代码注入)

F5 Nginx 跨站脚本漏洞

F5 Nginx是美国F5公司的一款轻量级Web服务器/反向代理服务器及电子邮件（IMAP/POP3）代理服务器，在BSD-like协议下发行。 F5 Nginx 存在跨站脚本漏洞，该漏洞源于允许攻击者读取/写入 NGINX data plane instance 上的文件。对文件的访问仅限于运行 NGINX 进程的用户，通常是nginx用户。

N/A

N/A