CVE-2015-1050
F5 BIG-IP Application Security Manager < 11.5.1 - Cross-Site Scripting via Response Body Field
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application Security Manager (ASM) before 11.6 allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account.
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/534459/100/0/threaded
Exploit x_refsource_misc
http://packetstormsecurity.com/files/129911/F5-BIG-IP-Application-Security-Manager-ASM-XSS.html
Exploit mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jan/43
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1031551
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/99907
Scores
EPSS
0.0031
EPSS Percentile
54.1%
Details
CWE
CWE-79
Status
published
Products (1)
f5/big-ip_application_security_manager
< 11.5.1
Published
Jan 15, 2015
Tracked Since
Feb 18, 2026