In BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client. (CVE-2020-5889)
Impact
An attacker can craft a malicious URL and send it to a victim to launch a cross-site scripting (XSS) attack.