{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T03:39:13.034","vulnerabilities":[{"cve":{"id":"CVE-2016-9257","sourceIdentifier":"f5sirt@f5.com","published":"2017-05-09T15:29:00.343","lastModified":"2025-04-20T01:37:25.860","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be able to inject JavaScript into a request that will then be rendered and executed in the context of the Administrative user when the Administrative user is viewing the Access System Logs, allowing the non-authenticated user to carry out a Cross Site Scripting (XSS) attack against the Administrative user."},{"lang":"es","value":"En F5 BIG-IP APM versiones 12.0.0 hasta la 12.1.2, usuarios no autenticados podrían inyectar código JavaScript en una petición que podría ser renderizada y ejecutada en el contexto del usuario Administrativo cuando dicho usuario está visualizando los logs de acceso al sistema, permitiendo al usuario no autenticado llevar a cabo un ataque de tipo Cross Site Scripting (XSS) contra el usuario Administrativo."}],"metrics":{"cvssMetricV30":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:12.0.0:*:*:*:*:*:*:*","matchCriteriaId":"3B62FEC0-EE22-46E6-B811-8AB0EE4C3E2E"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.0:*:*:*:*:*:*:*","matchCriteriaId":"FCD2044C-AC6F-4145-B1A0-8EB26DCF1F8C"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.1:*:*:*:*:*:*:*","matchCriteriaId":"5FC866D4-CE8C-4408-AD1E-8643AC554CC9"},{"vulnerable":true,"criteria":"cpe:2.3:a:f5:big-ip_access_policy_manager:12.1.2:*:*:*:*:*:*:*","matchCriteriaId":"7563D979-BE37-4251-B92E-0DBDBE53F3FF"}]}]}],"references":[{"url":"http://www.securitytracker.com/id/1038416","source":"f5sirt@f5.com"},{"url":"https://support.f5.com/csp/article/K43523962","source":"f5sirt@f5.com","tags":["Vendor Advisory"]},{"url":"http://www.securitytracker.com/id/1038416","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://support.f5.com/csp/article/K43523962","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}