Lucene search
F5F5:K43523962HistoryMay 05, 2017 - 12:00 a.m.
K43523962 : BIG-IP APM XSS vulnerability CVE-2016-9257
2017-05-0500:00:00
my.f5.com
10
0.001 Low
EPSS
Percentile
36.6%
Security Advisory Description
BIG-IP APM 12.0.0 through 12.1.2 is vulnerable to Cross Site Scripting (XSS) injection due to rendering of not escaped/not encoded content of session variables in Access Reports. (CVE-2016-9257)
Impact
A malicious non-authenticated user may be able to inject JavaScript into a request that will then be rendered and executed in the context of an administrative user when the administrative user is viewing Access Reports.
| CPE | Name | Operator | Version |
|---|---|---|---|
| big-ip afm | eq | 11.4.0 | |
| big-ip afm | eq | 11.4.1 | |
| big-ip afm | eq | 11.5.0 | |
| big-ip afm | eq | 11.5.1 | |
| big-ip afm | eq | 11.5.2 | |
| big-ip afm | eq | 11.5.3 | |
| big-ip afm | eq | 11.5.4 | |
| big-ip afm | eq | 11.6.0 | |
| big-ip afm | eq | 11.6.1 | |
| big-ip afm | eq | 12.0.0 |
Related
nvd
nvd
CVE-2016-9257
2017-05-09 15:29:00
nessus
nessus
F5 Networks BIG-IP : BIG-IP APM XSS vulnerability (K43523962)
2017-05-08 00:00:00
cvelist
cvelist
CVE-2016-9257
2017-05-09 15:00:00
prion
prion
Cross site scripting
2017-05-09 15:29:00
cve
cve
CVE-2016-9257
2017-05-09 15:29:00
openvas
openvas
F5 BIG-IP - TMM vulnerability CVE-2016-9257
2017-05-17 00:00:00