bc81987
May 15, 2024Nimbostratus
CWE-20: Improper Input Validation
Good afternoon,
We've recently had a burp suite scan done on our F5 pair. This was the result:
The application may be vulnerable to DOM-based DOM data manipulation. Data is read from
window.location.search and passed to the 'setAttribute()' function of a DOM element.
The results page from the scan included the requests and responses to and from the F5s; so I believe this is not a false positive. I am wondering if there is a fix for this through an update? Currently, we're running "BIG-IP v15.1.10.3 (Build 0.0.12)"