U.S. Dept Of Defense: Reflected XSS in `Telerik.ReportViewer.axd` with F5 BIG-IP ASM Bypass on `████`

A reflected cross-site scripting XSS vulnerability was discovered in the Telerik.ReportViewer.axd endpoint on the staging subdomain. The vulnerability was exploited by leveraging an unsupported event handler that was not filtered by the F5 BIG-IP Application Security Manager ASM WAF. An obfuscate...