Lucene search
HistoryOct 01, 2013 - 8:55 p.m.
CVE-2013-5976
cve
2013
5976
cross-site scripting
xss
vulnerability
access policy
logout page
f5
big-ip
apm
web script
html
lastmrh_session cookie
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.4%
Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web script or HTML via the LastMRH_Session cookie.
Affected configurations
Node
f5big-ip_access_policy_managerMatch10.1.0
ORf5big-ip_access_policy_managerMatch10.2.4
ORf5big-ip_access_policy_managerMatch11.0.0
ORf5big-ip_access_policy_managerMatch11.1.0
ORf5big-ip_access_policy_managerMatch11.3.0
ORf5big-ip_access_policy_managerMatch10.1.0
ORf5big-ip_access_policy_managerMatch10.2.4
ORf5big-ip_access_policy_managerMatch11.0.0
ORf5big-ip_access_policy_managerMatch11.1.0
ORf5big-ip_access_policy_managerMatch11.3.0
References
Social References
More
Related
prion
prion
Cross site scripting
2013-10-01 20:55:00
cvelist
cvelist
CVE-2013-5976
2013-10-01 20:00:00
f5
f5
nvd
nvd
CVE-2013-5976
2013-10-01 20:55:34
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.9 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.4%
Related for CVE-2013-5976