Cross-Site Scripting Vulnerability in F5 BIG-IP APM Product by F5 Networks
CVE-2013-5976

Currently unrated

Key Information:

Vendor
F5
Vendor
CVE Published:
1 October 2013

Summary

An XSS vulnerability exists in the logout page (logout.inc) of F5 BIG-IP APM versions 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0. This flaw allows remote attackers to inject arbitrary HTML or script code through the LastMRH_Session cookie, potentially leading to unauthorized interactions with users who access the page. Maliciously crafted cookies can exploit this vulnerability, highlighting the need for robust input validation and security measures.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.