CVE-2008-0265

Name of the Vulnerable Software and Affected Versions F5 BIG-IP version 9.4.3

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the Search function of the web management interface. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the SearchString parameter to various API endpoints, including "/tmui/Control/jspmap/tmui/system/log/" with files such as "list system.jsp", "list pktfilter.jsp", "list ltm.jsp", "resources audit.jsp", and "list asm.jsp", as well as "list.jsp" in certain directories.

Recommendations For F5 BIG-IP version 9.4.3, as a temporary workaround, consider restricting access to the Search function in the web management interface until a patch is available. Avoid using the SearchString parameter in the affected API endpoints until the issue is resolved.