CVE-2019-6653

There is a Stored Cross Site Scripting vulnerability in the undisclosed page of a BIG-IQ 6.0.0-6.1.0 or 5.2.0-5.4.0 system. The attack can be stored by users granted the Device Manager and Administrator roles.

Published: Sep 25, 2019
Updated: Apr 13, 2023
CVE: CVE-2019-6653
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
f5 / big-iq_centralized_management	6.0.0	6.1.0.x
f5 / big-iq_centralized_management	5.2.0	5.4.0.x

https://support.f5.com/csp/article/K71712132
https://support.f5.com/csp/article/K71712132?utm_source=f5support&utm_medium=RSS
https://support.f5.com/csp/article/K71712132?utm_source=f5support&amp%3Butm_medium=RSS

Vulnerability Database

289,599

CVE-2019-6653