PT-2016-5004 · Vmware · Vmware Vcenter Server+1
Hyp3Rlinx
+1
·
Publicado
2016-06-08
·
Atualizado
2018-10-09
·
CVE-2016-2078
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
VMware vCenter Server versions 5.1 before update 3d
VMware vCenter Server versions 5.5 before update 3d
VMware vCenter Server versions 6.0 before update 2
Description
A cross-site scripting (XSS) issue exists in the Web Client of VMware vCenter Server, allowing remote attackers to inject arbitrary web script or HTML via the
flashvars parameter.Recommendations
For VMware vCenter Server version 5.1, update to version 5.1 update 3d or later.
For VMware vCenter Server version 5.5, update to version 5.5 update 3d or later.
For VMware vCenter Server version 6.0, update to version 6.0 update 2 or later.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Vmware Vcenter
Vmware Vcenter Server