QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2016-7469

Back to search

CVE-2016-7469

Published: Jun 9, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable.

VendorProductVersions

F5 Networks, Inc.

BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM,WebAccelerator,WOM,WebSafe

affected
12.0.0 - 12.1.2
affected
11.4.0 - 11.6.1
affected
11.2.1

References

1037559
vdb-entry
x_refsource_SECTRACK
95320
vdb-entry
x_refsource_BID
1037560
vdb-entry
x_refsource_SECTRACK

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now