K57214921 : BIG-IP TMUI XSS vulnerability CVE-2020-5915

Security Advisory Description

An undisclosed Traffic Management User Interface (TMUI), or Configuration utility, page contains a vulnerability which allows a stored cross-site scripting (XSS) attack when BIG-IP systems are setup in a device trust.

Impact

On a BIG-IP system in a high availability (HA) configuration, users with Resource Administrator or Administrator roles may be able store an XSS attack, which could result in command execution by the logged in user.