CVE-2014-4023 Information
Description
Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in the Configuration utility in F5 BIG-IP LTM APM ASM GTM and Link Controller 11.0.0 before 11.6.0 and 10.1.0 through 10.2.4 AAM 11.4.0 before 11.6.0 AFM and PEM 11.3.0 before 11.6.0 Analytics 11.0.0 through 11.5.1 Edge Gateway WebAccelerator and WOM 11.0.0 through 11.3.0 and 10.1.0 through 10.2.4 and PSM 11.0.0 through 11.4.1 and 10.1.0 through 10.2.4 and Enterprise Manager 3.0.0 through 3.1.1 and 2.1.0 through 2.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Reference
http://www.securitytracker.com/id/1030776 https://support.f5.com/kb/en-us/solutions/public/15000/500/sol15532.html https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20140828-F5_BIG-IP_Reflected_XSS_v10.txt
Share on: