Lucene search
F5CVELIST:CVE-2016-9257HistoryMay 09, 2017 - 3:00 p.m.
CVE-2016-9257
2017-05-0915:00:00
f5
www.cve.org
0.001 Low
EPSS
Percentile
36.6%
In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user.
CNA Affected
[
{
"product": "BIG-IP APM",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "12.0.0 through 12.1.2"
}
]
}
]Related
prion
prion
Cross site scripting
2017-05-09 15:29:00
f5
f5
K43523962 : BIG-IP APM XSS vulnerability CVE-2016-9257
2017-05-05 00:00:00
nessus
nessus
F5 Networks BIG-IP : BIG-IP APM XSS vulnerability (K43523962)
2017-05-08 00:00:00
nvd
nvd
CVE-2016-9257
2017-05-09 15:29:00
cve
cve
CVE-2016-9257
2017-05-09 15:29:00
openvas
openvas
F5 BIG-IP - TMM vulnerability CVE-2016-9257
2017-05-17 00:00:00