XSS Vulnerability in WebAccess of VMware VirtualCenter and ESX
CVE-2009-2277

Currently unrated

Key Information:

Vendor: Vmware
Status: Esx Server; Virtualcenter
Vendor: CVE Published:; 1 April 2010

Summary

A cross-site scripting vulnerability exists in the WebAccess component of VMware VirtualCenter and ESX, allowing remote attackers to inject arbitrary web script or HTML into the affected systems. This vulnerability can be exploited through various vectors related to 'context data', posing significant security threats to users. When exploited, this XSS flaw can lead to unauthorized actions or data exposure, emphasizing the need for immediate attention and patching.

References

http://www.securityfocus.com/bid/39037

vdb-entryx_refsource_BID

http://lists.vmware.com/pipermail/security-announce/2010/...

mailing-listx_refsource_MLIST

http://www.vmware.com/security/advisories/VMSA-2010-0005....

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 1, 2010
Vulnerability Reserved
Jul 1, 2009