On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened.
CPE | Name | Operator | Version |
---|---|---|---|
big-ip_application_security_manager | ge | 15.1.0 | |
big-ip_application_security_manager | lt | 15.1.1 |