PT-2020-05: Cross-site scripting (XSS) in F5 Traffic Management User Interface (TMUI) F5 Traffic Management User Interface (TMUI)Severity:Severity level: High Impact: Cross-site scripting (XSS) in F5 Traffic Management User Interface (TMUI) Access Vector: RemoteCVSS v3.1: Base 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HCVE: CVE-2020-5903Vulnerability description:The vulnerability allows remote attackers to execute malicious JavaScript code in the context of the current user. If the logged-on user has administrative rights and Advanced Shell (bash) access, an attacker who successfully exploited the vulnerability could fully compromise the BIG-IP system.Advisory status:01.04.2020 - Vendor notification date 01.07.2020 - Security advisory publication date (https://support.f5.com/csp/article/K43638305) Credits:The vulnerability was discovered by Mikhail Klyuchnikov, Positive Technologies