CVE-2024-47139

Medium CVSS 6.8

Overview

A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IQ Configuration utility that allows an attacker with the Administrator role to run JavaScript in the context of the currently logged-in user.

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

CWE: CWE-80 Published: 2024-10-16T15:15:16.490

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 6.8 (MEDIUM)
Detected tags: xss (tag impact: MODERATE)

Recommended actions:

Apply context-aware output encoding.
Enable Content-Security-Policy and HttpOnly/SameSite cookies.

Overview

Recommended tools

Tags