CVE-2016-5236 — MEDIUM (5.4)

Q: How severe is CVE-2016-5236?

CVE-2016-5236 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2016-5236?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Websafe Alert Server.

Vulnerability Description

Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when creating a new user, account or signature.

CVSS Score

5.4

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
F5	Websafe Alert Server	<= 3.9.5

Related Weaknesses (CWE)

CWE-79

References

https://support.f5.com/csp/article/K55922302Vendor Advisory
https://support.f5.com/csp/article/K55922302Vendor Advisory

FAQ

What is CVE-2016-5236?

CVE-2016-5236 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe Alert Server, allow privileged authenticated users to inject arbitrary web script or HTML when crea...

How severe is CVE-2016-5236?

CVE-2016-5236 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-5236?

Check the references section above for vendor advisories and patch information. Affected products include: F5 Websafe Alert Server.