CVE-2022-27880
Summary
| CVE | CVE-2022-27880 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-05-05 17:15:00 UTC |
| Updated | 2022-05-12 20:46:00 UTC |
| Description | On F5 Traffix SDC 5.2.x versions prior to 5.2.2 and 5.1.x versions prior to 5.1.35, a stored Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the Traffix SDC Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | F5 | Traffix Signaling Delivery Controller | 5.1.0 | All | All | All |
| Application | F5 | Traffix Signaling Delivery Controller | 5.2.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| support.f5.com/csp/article/K17341495 | MISC | support.f5.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: F5 acknowledges TIM Security Red Team Research, Valerio Alessandroni, Matteo Brutti, and Massimiliano Brolli for bringing this issue to our attention and following the highest standards of coordinated disclosure.
There are currently no legacy QID mappings associated with this CVE.