In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published: 2017-05-09T15:00:00

Updated: 2024-08-06T02:42:11.282Z

Reserved: 2016-11-09T00:00:00

Link: CVE-2016-9257

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2017-05-09T15:29:00.343

Modified: 2017-07-08T01:29:02.757

Link: CVE-2016-9257

cve-icon Redhat

No data.