CVE-2008-0539

F5 Big-ip Application Security Manager < 9.2.5 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php in F5 BIG-IP Application Security Manager (ASM) 9.4.3 allows remote attackers to inject arbitrary web script or HTML via the report_type parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by nnposter · textwebappsphp

https://www.exploit-db.com/exploits/31065

View Code ZIP pw:eip

References (9)

[Broken Link] http://secunia.com/advisories/28655

[Broken Link] http://securityreason.com/securityalert/3602

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/487118/100/0/threaded

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/489290/100/0/threaded

[Broken Link, Exploit, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/27462

[Broken Link, Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/28151

[Broken Link, Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1019276

[Permissions Required] http://www.vupen.com/english/advisories/2008/0301

[VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39979

Scores

EPSS 0.0158

EPSS Percentile 81.4%

Classification

CWE

CWE-79

Status draft

Affected Products (2)

f5/big-ip_application_security_manager < 9.2.5

f5/big-ip_application_security_manager

Timeline

Published Feb 01, 2008

Tracked Since Feb 18, 2026