Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6.0 allows an authenticated user to inject arbitrary web script or HTML via the Response Body field. (CVE-2015-1050)
Impact
Remote attackers may be able to inject arbitrary web script or HTML by way of the Response Body field.