CVE-2014-9342Cross-site Scripting in F5 Big-ip

CWE-79Cross-site Scripting3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.3%
top 46.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
F5 Big-ip
Timeline
PublishedDec 8
Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in the tree view (pl_tree.php) feature in Application Security Manager (ASM) in F5 BIG-IP 11.3.0 allows remote attackers to inject arbitrary web script or HTML by accessing a crafted URL during automatic policy generation.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDf5/big-ip11.3.0

🔴Vulnerability Details

2
GHSA
GHSA-9hgf-46m5-7963: Cross-site scripting (XSS) vulnerability in the tree view (pl_tree2022-05-13
CVEList
CVE-2014-9342: Cross-site scripting (XSS) vulnerability in the tree view (pl_tree2014-12-08
CVE-2014-9342 — Cross-site Scripting in F5 Big-ip | cvebase