A cross-site scripting (XSS) vulnerability exists in list.jsp for the BIG-IP and Enterprise Manager Configuration utilities. (CVE-2014-3959)
Impact
Some** list.jsp** parameters may allow an attacker to bypass XSS protection mechanisms using a crafted string.