PT-2016-5004 · Vmware · Vmware Vcenter Server+1
Hyp3Rlinx
+1
·
Published
2016-06-08
·
Updated
2018-10-09
·
CVE-2016-2078
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
VMware vCenter Server versions 5.1 before update 3d
VMware vCenter Server versions 5.5 before update 3d
VMware vCenter Server versions 6.0 before update 2
Description
A cross-site scripting (XSS) issue exists in the Web Client of VMware vCenter Server, allowing remote attackers to inject arbitrary web script or HTML via the
flashvars parameter.Recommendations
For VMware vCenter Server version 5.1, update to version 5.1 update 3d or later.
For VMware vCenter Server version 5.5, update to version 5.5 update 3d or later.
For VMware vCenter Server version 6.0, update to version 6.0 update 2 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Vmware Vcenter
Vmware Vcenter Server