|Impact:||Cross-site Scripting (XSS)|
BIG-IP Application Security Manager 10.x , vulnerable versions: =
Big-IP Application Security Manager 11.x , vulnerable versions: 1
A cross-site scripting vulnerability was found in F5 BIG-IP Application Security Manager Tree View.
Vulnerability is caused by an input validation error in pl_tree.php. A remote attacker can send a specially crafted HTTP request to the vulnerable application and execute arbitrary html and scripting code in user`s browser in context of a vulnerable website.
Further exploitation of this vulnerability may result in stealing potentially sensitive to the user information, such as cookies, or disguising the information presented on the website.