Cross-site Scripting Vulnerability in F5 BIG-IP Application Security Manager
CVE-2015-1050

Currently unrated

Key Information:

Vendor: F5
Status: Big-ip Application Security Manager
Vendor: CVE Published:; 15 January 2015

Summary

A cross-site scripting (XSS) vulnerability exists in F5 BIG-IP Application Security Manager (ASM) prior to version 11.6. This security flaw allows remote attackers to exploit the Response Body field during the new user account creation process, enabling them to inject arbitrary web scripts or HTML. Exploitation of this vulnerability can lead to unauthorized access and manipulation of user data, posing significant risks to application integrity and user safety. Organizations using affected versions are advised to upgrade to patched releases to mitigate this risk.

References

http://www.securityfocus.com/archive/1/534459/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://packetstormsecurity.com/files/129911/F5-BIG-IP-App...

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/99907

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jan 15, 2015
Vulnerability Reserved
Jan 15, 2015