Description
A vulnerability has been reported in F5 BIG-IP ASM, which can be exploited by malicious people to conduct cross-site scripting attacks.
Certain input appended to the URL when passed to the Web Scraping feature in ASM is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Successful exploitation requires that the Web Scraping feature is set to "Block" in the ASM security policy.
The vulnerability is reported in BIG-IP ASM versions 10.1.0 through 10.2.2.