CVE-2017-4940

Name of the Vulnerable Software and Affected Versions VMware ESXi versions 5.5 before ESXi550-201709102-SG VMware ESXi versions 5.5 before ESXi600-201711103-SG VMware ESXi versions 6.5 before ESXi650-201712103-SG

Description The issue concerns a stored cross-site scripting (XSS) vulnerability in the ESXi Host Client. An attacker can exploit this by injecting Javascript code, which may be executed when other users access the Host Client.

Recommendations For VMware ESXi version 5.5, update to a version that includes ESXi550-201709102-SG or later. For VMware ESXi version 5.5, update to a version that includes ESXi600-201711103-SG or later. For VMware ESXi version 6.5, update to a version that includes ESXi650-201712103-SG or later.