CVE-2020-5905
MEDIUMBIG-IP 11.6.1-11.6.5.2 - Stored Cross-Site Scripting in WCCP Configuration Page
Title source: llmDescription
In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://support.f5.com/csp/article/K07051153
Third Party Advisory third-party-advisory
x_refsource_cert-vn
https://www.kb.cert.org/vuls/id/290915
Scores
CVSS v3
4.3
EPSS
0.0026
EPSS Percentile
48.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L
Details
CWE
CWE-79
Status
published
Products (11)
f5/big-ip_access_policy_manager
11.6.1 - 11.6.5.2
f5/big-ip_advanced_firewall_manager
11.6.1 - 11.6.5.2
f5/big-ip_analytics
11.6.1 - 11.6.5.2
f5/big-ip_application_acceleration_manager
11.6.1 - 11.6.5.2
f5/big-ip_application_security_manager
11.6.1 - 11.6.5.2
f5/big-ip_domain_name_system
11.6.1 - 11.6.5.2
f5/big-ip_fraud_protection_service
11.6.1 - 11.6.5.2
f5/big-ip_global_traffic_manager
11.6.1 - 11.6.5.2
f5/big-ip_link_controller
11.6.1 - 11.6.5.2
f5/big-ip_local_traffic_manager
11.6.1 - 11.6.5.2
... and 1 more
Published
Jul 01, 2020
Tracked Since
Feb 18, 2026