Cross-Site Scripting Flaw in VMware View by VMware
CVE-2010-1143

Currently unrated

Key Information:

Vendor: Vmware
Status: View Manager
Vendor: CVE Published:; 7 May 2010

Summary

A cross-site scripting vulnerability exists in VMware View (previously known as Virtual Desktop Manager) versions 3.1.x prior to 3.1.3 build 252693. This flaw allows remote attackers to inject potentially malicious web scripts or HTML through unspecified vectors, exposing users to the risk of data theft and other malicious actions. Organizations using these affected versions should apply relevant patches or upgrades to mitigate the risk associated with this vulnerability.

References

http://www.vmware.com/security/advisories/VMSA-2010-0008....

x_refsource_CONFIRM

http://security.gentoo.org/glsa/glsa-201209-25.xml

vendor-advisoryx_refsource_GENTOO

http://securitytracker.com/id?1023945

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 7, 2010
Vulnerability Reserved
Mar 29, 2010