Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:18959
HistoryJan 27, 2008 - 12:00 a.m.

F5 BIG-IP Web Management ASM Security Report XSS

2008-01-2700:00:00
vulners.com
44
JSON

F5 BIG-IP Web Management ASM Security Report XSS

Product: F5 BIG-IP Application Security Manager
http://www.f5.com/products/big-ip/product-modules/application-security-manager.html

The F5 BIG-IP ASM web management interface contains a cross-site scripting vulnerability in the Security Report function.
Parameter report_type in page /dms/policy/rep_request.php is not sanitized before it gets embedded in the HTML output as a
hidden form value.

Example:
https://(target)/dms/policy/rep_request.php?report_type=%22%3E%3Cbody+onload=alert(%26quot%3BXSS%26quot%3B)%3E%3Cfoo+

The vulnerability has been identified in version 9.4.3. However, other versions may be also affected.

Solution:
Administrators should not browse untrusted sites while logged into the BIG-IP web management interface. It is not possible
to log out of the interface so it is important to shut down the browser after the interface is no longer needed. Closing
the interface browser window or removing the BIG-IP cookie is not sufficient.

Found by:
nnposter

JSON