Improper escaping of values in an undisclosed page of the BIG-IP Configuration utility may result in an improper handling on the JSON response when it is injected by a malicious script through a remote cross-site scripting (XSS) attack. (CVE-2019-6599)
Impact
BIG-IP and Enterprise Manager
This vulnerability can be exploited by a malicious script, causing the content of the affected pages to become inaccessible or corrupt for the BIG-IP APM and Enterprise Manager Configuration utilities.
BIG-IQ, F5 iWorkflow, and Traffix SDC
There is no impact for these F5 products; they are not affected by this vulnerability.