Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1050

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-1050
Last Modified 17 Jan 2015 09:59:22
Published 15 Jan 2015 10:59:30
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1050

Summary

Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account.

Vulnerable Systems

Application

  • F5 Big-ip Application Security Manager 11.5.1


References

BUGTRAQ - 20150113 [Corrected] Stored XSS Vulnerability in F5 BIG-IP Application Security Manager

XF - f5bigip-responsebody-xss(99907)

MISC - http://packetstormsecurity.com/files/129911/F5-BIG-IP-Application-Security-Manager-ASM-XSS.html


Last Updated: 27 May 2016 11:07:34