CVE-2014-3959
F5 BIG-IP 11.2.1-11.5.1 - Cross-Site Scripting via list.jsp
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1 PEM 11.3.0 through 11.5.1, PSM 11.2.1 through 11.4.1, WebAccelerator and WOM 11.2.1 through 11.3.0, and Enterprise Manager 3.0.0 through 3.1.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/58969
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030319
Vendor Advisory x_refsource_confirm
http://support.f5.com/kb/en-us/solutions/public/15000/200/sol15296.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030320
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/67771
Scores
EPSS
0.0086
EPSS Percentile
75.3%
Details
CWE
CWE-79
Status
published
Products (28)
f5/big-ip_access_policy_manager
11.2.1
f5/big-ip_access_policy_manager
11.5.1
f5/big-ip_advanced_firewall_manager
11.2.1
f5/big-ip_advanced_firewall_manager
11.5.1
f5/big-ip_analytics
11.2.1
f5/big-ip_analytics
11.5.1
f5/big-ip_application_acceleration_manager
11.4.0
f5/big-ip_application_acceleration_manager
11.5.1
f5/big-ip_application_security_manager
11.2.1
f5/big-ip_application_security_manager
11.5.1
... and 18 more
Published
Jun 03, 2014
Tracked Since
Feb 18, 2026