XSS in Vmware Esx_server

CVE-2009-2277

Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (58.9th percentile) — read the EPSS interpretation.

Affected products

Vmware Esx_server — versions 3.0.3, 3.5
Vmware Virtualcenter — versions 2.5, 2.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
39037 (Patch, vdb-entry, x_refsource_BID)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
oval:org.mitre.oval:def:7080 (signature, x_refsource_OVAL, vdb-entry)