XSS Vulnerability in VMware vCenter Server Appliance
CVE-2014-3797

Currently unrated

Key Information:

Vendor: Vmware
Status: Vcenter Server Appliance
Vendor: CVE Published:; 8 December 2014

Summary

The VMware vCenter Server Appliance (vCSA) 5.1 prior to Update 3 is susceptible to a cross-site scripting (XSS) vulnerability. This security flaw allows remote attackers to inject arbitrary web scripts or HTML into the affected product. Successful exploitation of this vulnerability may lead to various attacks on users of the affected appliance, potentially compromising their data and security. It is crucial for users of VMware products to apply necessary updates and follow best practices to mitigate risks associated with such vulnerabilities.

References

http://www.vmware.com/security/advisories/VMSA-2014-0012....

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/534161/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://seclists.org/fulldisclosure/2014/Dec/23

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability published
Dec 8, 2014
Vulnerability Reserved
May 20, 2014