CVE-2015-6931

Name of the Vulnerable Software and Affected Versions VMware vCenter Server versions 5.0 before U3g VMware vCenter Server versions 5.1 before U3d VMware vCenter Server versions 5.5 before U2d

Description The issue is related to a cross-site scripting (XSS) vulnerability in the vSphere Web Client component. This vulnerability allows remote attackers to inject arbitrary web script or HTML via a crafted URL, potentially enabling them to execute malicious code on the client-side. The vulnerability exists due to insufficient protection of the web page structure.

Recommendations For versions 5.0 before U3g, update to U3g or later to resolve the issue. For versions 5.1 before U3d, update to U3d or later to resolve the issue. For versions 5.5 before U2d, update to U2d or later to resolve the issue.