Cross-site Scripting Vulnerability in VMware VirtualCenter and ESX Products
CVE-2010-1137

Currently unrated

Key Information:

Vendor: Vmware
Status: Virtualcenter
Vendor: CVE Published:; 1 April 2010

Summary

A cross-site scripting (XSS) vulnerability exists in VMware's WebAccess, affecting specific versions of VMware VirtualCenter and ESX. This flaw enables remote attackers to inject arbitrary web scripts or HTML via manipulating the name of a virtual machine. By exploiting this vulnerability, attackers may execute malicious scripts in the context of the user, potentially compromising sensitive data and user interactions.

References

http://www.securityfocus.com/bid/39037

vdb-entryx_refsource_BID

http://security.gentoo.org/glsa/glsa-201209-25.xml

vendor-advisoryx_refsource_GENTOO

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

Timeline

Vulnerability published
Apr 1, 2010
Vulnerability Reserved
Mar 29, 2010