A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
History

Fri, 27 Sep 2024 22:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: f5

Published: 2023-08-02T15:55:06.419Z

Updated: 2024-09-27T21:58:05.063Z

Reserved: 2023-07-17T22:41:24.595Z

Link: CVE-2023-38138

cve-icon Vulnrichment

Updated: 2024-08-02T17:30:14.187Z

cve-icon NVD

Status : Modified

Published: 2023-08-02T16:15:10.440

Modified: 2024-11-21T08:12:56.123

Link: CVE-2023-38138

cve-icon Redhat

No data.