CVE-2023-27378

Name of the Vulnerable Software and Affected Versions BIG-IP versions prior to the fixed version

Description Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility, allowing an attacker to run JavaScript in the context of the currently logged-in user. The issue is related to the lack of protection of the web page structure in the Traffic Management User Interface (TMUI) of BIG-IP software, including BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, and BIG-IP Domain Name System. This could enable a remote attacker to conduct cross-site scripting attacks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.