CVE-2017-4940
N/A
N/A
Summary
The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| VMware | ESXi | 6.5 before ESXi650-201712103-SG | affected |
| VMware | ESXi | 6.0 before ESXi600-201711103-SG | affected |
| VMware | ESXi | 5.5 before ESXi550-201709102-SG) | affected |
Weaknesses
- Stored cross-site scripting vulnerability
ADP Enrichment
CVE Program Container
Additional References
- https://www.vmware.com/security/advisories/VMSA-2017-0021.html
- http://www.securitytracker.com/id/1040024
References
- https://www.vmware.com/security/advisories/VMSA-2017-0021.html
- http://www.securitytracker.com/id/1040024
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.