Description
Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation.
References (4)
Core 4
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534137/100/0/threaded
Vendor Advisory x_refsource_confirm
https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15939.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/62000
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K15939
Scores
EPSS
0.0030
EPSS Percentile
53.7%
Details
CWE
CWE-79
Status
published
Products (1)
f5/big-ip
11.3.0
Published
Dec 08, 2014
Tracked Since
Feb 18, 2026