Cross-Site Scripting Vulnerability in F5 BIG-IP Products
CVE-2014-3959

Currently unrated

Key Information:

Vendor: F5
Status: Big-ip Protocol Security Module; Big-ip Advanced Firewall Manager; Big-ip Edge Gateway; Big-ip Local Traffic Manager
Vendor: CVE Published:; 3 June 2014

Summary

The cross-site scripting vulnerability in the Configuration utility of F5 BIG-IP products allows remote attackers to inject arbitrary web scripts or HTML. This injection can occur through unspecified parameters, potentially leading to unauthorized access and execution of malicious scripts in the user's browser context.

References

http://secunia.com/advisories/58969

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id/1030319

vdb-entryx_refsource_SECTRACK

http://support.f5.com/kb/en-us/solutions/public/15000/200...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 3, 2014
Vulnerability Reserved
Jun 3, 2014