BIG-IP TMUI XSS vulnerability

Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

F5 BIG-IP 跨站脚本漏洞

F5 BIG-IP是美国F5公司的一款集成了网络流量管理、应用程序安全管理、负载均衡等功能的应用交付平台。 F5 BIG-IP存在跨站脚本漏洞，该漏洞源于存在多个反射型跨站点脚本(XSS)漏洞，允许攻击者在当前登录用户的上下文中运行JavaScript。

N/A

N/A