Medium severity6.1NVD Advisory· Published May 9, 2017· Updated Jun 17, 2026
CVE-2016-9257
CVE-2016-9257
Description
In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user.
Affected products
2Patches
Vulnerability mechanics
References
2- support.f5.com/csp/article/K43523962nvdVendor Advisory
- www.securitytracker.com/id/1038416nvd
News mentions
0No linked articles in our index yet.