SOL8602 - Cross-site scripting (XSS) vulnerability viewing logs from the web management interface

ID SOL8602
Type f5
Reporter f5
Modified 2016-07-25T00:00:00


To prevent exposure to this vulnerability, do not select any unknown or suspicious content when viewing log files in the BIG-IP or Enterprise Manager web management interface. To view log files from the command line instead, access the device using an SSH client.

Note: Because exploitation of this vulnerability requires an authenticated user, F5 considers this to be a local vulnerability.

F5 Product Development tracked this issue as CR96889, and it was fixed in BIG-IP 10.0.0 and Enterprise Manager 1.8.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, PSM, Link Controller, WebAccelerator or Enterprise Manager release notes.

For additional information about this advisory, refer to the following articles: