Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K04524282
HistoryOct 18, 2018 - 12:00 a.m.

K04524282 : XSS vulnerability in undisclosed TMUI page CVE-2018-15314

2018-10-1800:00:00
my.f5.com
15

EPSS

0.001

Percentile

44.3%

JSON

Security Advisory Description

A reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the current logged-in user. (CVE-2018-15314)

Impact

BIG-IP

A remote unauthenticated attacker could potentially exploit this vulnerability by sending a specific crafted URL that includes the specific target host name and malicious HTML or JavaScript code to a Configuration utility user, which is then reflected back to the victim and executed by the web browser. If the exploit is successful, an attacker can run JavaScript in the context of the currently logged-in user.

Enterprise Manager, BIG-IQ, F5 iWorkflow, and Traffix SDC

There is no impact for these F5 products; they are not affected by this vulnerability.

Related

cvelist 1
nvd 1
nessus 1
prion 1
cve 1
cvelist
cvelist
CVE-2018-15314
2018-10-19 13:00:00
nvd
nvd
CVE-2018-15314
2018-10-19 13:29:00
nessus
nessus
F5 Networks BIG-IP : XSS vulnerability in undisclosed TMUI page (K04524282)
2018-11-02 00:00:00
prion
prion
Cross site scripting
2018-10-19 13:29:00
cve
cve
CVE-2018-15314
2018-10-19 13:29:00

EPSS

0.001

Percentile

44.3%

JSON
Related for F5:K04524282
cvelist1nvd1nessus1prion1cve1