CVE-2012-2975: XSS
First published: Tue Sep 11 2012(Updated: )
Cross-site scripting (XSS) vulnerability in the traffic overview page on the F5 ASM appliance 10.0.0 through 11.2.0 HF2 allows remote attackers to inject arbitrary web script or HTML via crafted requests that are later listed on a summary page.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| F5 Application Security Manager | =10.0.0 | |
| F5 Application Security Manager | =11.2.0-hf2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-2975?
CVE-2012-2975 has a medium severity rating, which indicates a notable risk to affected systems.
How do I fix CVE-2012-2975?
To fix CVE-2012-2975, it is recommended to update the F5 Application Security Manager Appliance to the latest patched version.
What software versions are affected by CVE-2012-2975?
CVE-2012-2975 affects F5 Application Security Manager Appliance versions 10.0.0 through 11.2.0 HF2.
What type of attack does CVE-2012-2975 enable?
CVE-2012-2975 enables attackers to conduct cross-site scripting (XSS) attacks by injecting arbitrary web scripts or HTML.
Where does CVE-2012-2975 manifest in the application?
CVE-2012-2975 manifests on the traffic overview page of the F5 ASM appliance.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/f5
- canonical/f5 application security manager
- version/f5 application security manager/10.0.0
- version/f5 application security manager/11.2.0-hf2