Vulnerability Description
Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| F5 | Big-Ip Application Security Manager | <= 11.5.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/129911/F5-BIG-IP-Application-Security-ManagExploit
- http://seclists.org/fulldisclosure/2015/Jan/43Exploit
- http://www.securityfocus.com/archive/1/534459/100/0/threaded
- http://www.securitytracker.com/id/1031551
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99907
- http://packetstormsecurity.com/files/129911/F5-BIG-IP-Application-Security-ManagExploit
- http://seclists.org/fulldisclosure/2015/Jan/43Exploit
- http://www.securityfocus.com/archive/1/534459/100/0/threaded
- http://www.securitytracker.com/id/1031551
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99907
FAQ
What is CVE-2015-1050?
CVE-2015-1050 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when cre...
How severe is CVE-2015-1050?
CVE-2015-1050 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1050?
Check the references section above for vendor advisories and patch information. Affected products include: F5 Big-Ip Application Security Manager.