Cross-site Scripting Vulnerability in VMware vSphere Client
CVE-2012-1512

Currently unrated

Key Information:

Vendor: Vmware
Status: Vsphere
Vendor: CVE Published:; 16 March 2012

Summary

A cross-site scripting vulnerability exists in the internal browser of VMware's vSphere Client, impacting versions prior to specified updates. This flaw allows remote attackers to inject malicious web scripts or HTML through crafted log-file entries, potentially compromising the security of users and systems interacting with the vSphere Client.

References

http://secunia.com/advisories/48387

third-party-advisoryx_refsource_SECUNIA

http://www.securityfocus.com/bid/52525

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/74093

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Mar 16, 2012
Vulnerability Reserved
Mar 8, 2012