An undisclosed Traffic Management User Interface (TMUI), or Configuration utility, page contains a vulnerability which allows a stored cross-site scripting (XSS) attack when BIG-IP systems are setup in a device trust.
Impact
On a BIG-IP system in a high availability (HA) configuration, users with Resource Administrator or Administrator roles may be able store an XSS attack, which could result in command execution by the logged in user.