On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system.
[
{
"product": "BIG-IP (APM)",
"vendor": "F5 Networks, Inc.",
"versions": [
{
"status": "affected",
"version": "14.0.0-14.0.0.4, 13.0.0-13.1.1.3, 12.1.0-12.1.3.7"
}
]
}
]