Cross-Site Scripting Vulnerability in F5 BIG-IP APM Product by F5 Networks
CVE-2013-5976

Currently unrated

Key Information:

Vendor: F5
Status: Big-ip Access Policy Manager
Vendor: CVE Published:; 1 October 2013

Summary

An XSS vulnerability exists in the logout page (logout.inc) of F5 BIG-IP APM versions 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0. This flaw allows remote attackers to inject arbitrary HTML or script code through the LastMRH_Session cookie, potentially leading to unauthorized interactions with users who access the page. Maliciously crafted cookies can exploit this vulnerability, highlighting the need for robust input validation and security measures.

References

http://secunia.com/advisories/54941

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id/1029079

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/62596

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Oct 1, 2013
Vulnerability Reserved
Oct 1, 2013