Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 29 Jan 2025 21:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published:

Updated: 2025-01-29T21:03:14.471Z

Reserved: 2023-04-14T23:08:02.577Z

Link: CVE-2023-27378

cve-icon Vulnrichment

Updated: 2024-08-02T12:09:43.436Z

cve-icon NVD

Status : Modified

Published: 2023-05-03T15:15:12.587

Modified: 2024-11-21T07:52:47.307

Link: CVE-2023-27378

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.