CVE-2015-1050

Name of the Vulnerable Software and Affected Versions F5 BIG-IP Application Security Manager (ASM) versions prior to 11.6

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the Response Body field when creating a new user account. This occurs because the Response Body field does not properly sanitize user input, enabling an attacker to execute malicious scripts.

Recommendations For versions prior to 11.6, update to version 11.6 or later to resolve the issue. As a temporary workaround, consider restricting access to the user account creation feature until the update is applied.