CVE-2024-47139
published 2024-10-16CVE-2024-47139: A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the…
medium4.8CVSS 4.0
AVNACLATNPRHUIPVCNVINVANSCLSILSANEXCRXIRXARXMAVXMACXMATXMPRXMUIXMVCXMVIXMVAXMSCXMSIXMSAXSXAUXRXVXREXUX
A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user.
Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| f5 | big-iq | — | — |
| f5 | big-iq | >= 8.0 < 8.2.0.1 | 8.2.0.1 |
| f5 | big-iq_centralized_management | — | — |