CVE-2020-5932
published 2020-10-29CVE-2020-5932: On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An…
medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-ip_application_security_manager | >= 15.1.0 < 15.1.1 | 15.1.1 |
| f5 | big-ip_asm | — | — |