XSS in Vmware Server

CVE-2010-1193

Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server 2.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to JSON error messages.

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.004 (58.9th percentile) — read the EPSS interpretation.

Affected products

Vmware Server — versions 2.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

[security-announce] 20100329 VMSA-2010-0005 VMware products address vulnerabilities in WebAccess (Vendor Advisory, mailing-list, x_refsource_MLIST, Patch)
39037 (vdb-entry, x_refsource_BID)
1023769 (vdb-entry, x_refsource_SECTRACK)
cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)