CVE-2017-4940

Summary

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.

Affected Software

VendorProductVersion RangeStatus
VMwareESXi6.5 before ESXi650-201712103-SGaffected
VMwareESXi6.0 before ESXi600-201711103-SGaffected
VMwareESXi5.5 before ESXi550-201709102-SG)affected

Weaknesses

  • Stored cross-site scripting vulnerability

ADP Enrichment

CVE Program Container

Additional References

References