Cross-Site Scripting Vulnerability in VMware NSX Edge Software
CVE-2017-4929

6.1MEDIUM

Key Information:

Vendor: Vmware
Status: Nsx Edge
Vendor: CVE Published:; 17 November 2017

What is CVE-2017-4929?

VMware NSX Edge versions 6.2.x prior to 6.2.9 and 6.3.x prior to 6.3.5 are susceptible to a Cross-Site Scripting vulnerability. This issue allows attackers to inject malicious scripts into content that is then served to users, potentially leading to unauthorized information disclosure. It highlights the importance of patching and maintaining up-to-date software to mitigate security risks.

Affected Version(s)

NSX Edge 6.2.x before 6.2.9

NSX Edge 6.3.x before 6.3.5

References

https://www.vmware.com/security/advisories/VMSA-2017-0019...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/101891

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1039837

vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2017
Vulnerability Reserved
Dec 26, 2016

Vmware

What is CVE-2017-4929?

Affected Version(s)

References

CVSS V3.1

Timeline