11 Sep 2012
03 Oct 2012
Cross-Site Scripting vulnerabilities allow a third party to manipulate the content or behaviour of a web application in a user's browser, without compromising the underlying system.
Different Cross-Site Scripting related vulnerabilities are also classified under this category, including "script insertion" and "cross-site request forgery".
Cross-Site Scripting vulnerabilities are often used against specific users of a website to steal their credentials or to conduct spoofing attacks.
Dell SecureWorks has reported a vulnerability in F5 BIG-IP ASM, which can be exploited by malicious people to conduct script insertion attacks.
Certain input passed to the traffic overview page is not properly sanitised before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected device when the malicious data is viewed.
The vulnerability is reported in versions 10.0.0 through 11.2.0 HF2.
Update to a fixed version. See the vendor's advisory for more information.
Roger Webyss, Dell SecureWorks.