Cross-Site Scripting Vulnerability in F5 BIG-IP APM Product by F5 Networks
CVE-2013-5976
Currently unrated
Summary
An XSS vulnerability exists in the logout page (logout.inc) of F5 BIG-IP APM versions 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0. This flaw allows remote attackers to inject arbitrary HTML or script code through the LastMRH_Session cookie, potentially leading to unauthorized interactions with users who access the page. Maliciously crafted cookies can exploit this vulnerability, highlighting the need for robust input validation and security measures.
References
Timeline
Vulnerability published
Vulnerability Reserved