CVE-2016-9257
N/A
N/A
Summary
In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| F5 Networks, Inc. | BIG-IP APM | 12.0.0 through 12.1.2 | affected |
Weaknesses
- Non-authenticated XSS attack against Administrative interface via public interface
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.