CVE-2024-47139
MEDIUMBIG-IQ Centralized Management - Authenticated Stored Cross-Site Scripting in Configuration Utility
Title source: llmDescription
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
References (1)
Core 1
Core References
Vendor Advisory vendor-advisory
https://my.f5.com/manage/s/article/K000141080
Scores
CVSS v3
6.8
EPSS
0.0076
EPSS Percentile
73.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-80
Status
published
Products (1)
f5/big-iq_centralized_management
8.2.0
Published
Oct 16, 2024
Tracked Since
Feb 18, 2026