Medium severity5.4NVD Advisory· Published Jun 9, 2017· Updated May 13, 2026

CVE-2016-7469

Description

A stored cross-site scripting (XSS) vulnerability in the Configuration utility device name change page in BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, PSM, WebAccelerator, WOM and WebSafe version 12.0.0 - 12.1.2, 11.4.0 - 11.6.1, and 11.2.1 allows an authenticated user to inject arbitrary web script or HTML. Exploitation requires Resource Administrator or Administrator privileges, and it could cause the Configuration utility client to become unstable.

Affected products

F5 Networks, Inc./Big Ip Ltm, Aam, Afm, Analytics, Apm, Asm, Dns, Edge Gateway, Gtm, Link Controller, Pem, Psm,webaccelerator,wom,websafev5
Range: 12.0.0 - 12.1.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/95320nvdThird Party AdvisoryVDB Entry
support.f5.com/csp/article/K97285349nvdVendor Advisory
www.securitytracker.com/id/1037559nvd
www.securitytracker.com/id/1037560nvd

News mentions

No linked articles in our index yet.

cvss	0.351
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000