CVE-2020-3975

Summary

VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim's browser when viewing.

Affected Software

VendorProductVersion RangeStatus
n/aVMware App VolumesVMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006affected

Weaknesses

  • Stored Cross-Site Scripting (XSS) vulnerability

ADP Enrichment

CVE Program Container

Additional References

References