XSS in Vmware Esx_server

CVE-2010-1137

Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the n…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.007 (72.2th percentile) — read the EPSS interpretation.

Affected products

Vmware Esx_server — versions 3.0.3, 3.5
Vmware Server — versions 1.0
Vmware Virtualcenter — versions 2.5, 2.0.2
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
GLSA-201209-25 (vendor-advisory, x_refsource_GENTOO)
39037 (vdb-entry, x_refsource_BID)
1023769 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
oval:org.mitre.oval:def:6863 (signature, x_refsource_OVAL, vdb-entry)