Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0265

CWE-79 — Cross-site Scripting (XSS)5 documents5 sources
Severity
4.3MEDIUM
EPSS
11.9%
top 6.25%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
F5 Tmos
Timeline
PublishedJan 15
Latest updateMay 1

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9.4.3 allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to (1) list_system.jsp, (2) list_pktfilter.jsp, (3) list_ltm.jsp, (4) resources_audit.jsp, and (5) list_asm.jsp in tmui/Control/jspmap/tmui/system/log/; and (6) list.jsp in certain directories.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

â–¶NVDf5/tmos9.4.3

🔴Vulnerability Details

2
GHSA
GHSA-w7vq-3jjj-wq22: Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9↗2022-05-01
â–¶
CVEList
CVE-2008-0265: Multiple cross-site scripting (XSS) vulnerabilities in the Search function in the web management interface in F5 BIG-IP 9↗2008-01-15
â–¶

💥Exploits & PoCs

1
Exploit-DB
F5 BIG-IP 9.4.3 - 'SearchString' Multiple Cross-Site Scripting Vulnerabilities↗2008-01-14
â–¶

📋Vendor Advisories

1
Red Hat
CVE-2009-0265: Internet Systems Consortium (ISC) BIND 9↗
â–¶
CVE-2008-0265 (MEDIUM CVSS 4.3) | Multiple cross-site scripting (XSS) | cvebase.io