PT-2017-16222 · Vmware · Vmware Esxi
Published 2017-12-20 · Updated 2022-02-03 · CVE-2017-4940
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
VMware ESXi versions 5.5 before ESXi550-201709102-SG
VMware ESXi versions 5.5 before ESXi600-201711103-SG
VMware ESXi versions 6.5 before ESXi650-201712103-SG
Description
The issue is a stored cross-site scripting (XSS) vulnerability in the ESXi Host Client. An attacker can exploit it by injecting JavaScript code, which may be executed when other users access the Host Client.
Recommendations
For VMware ESXi version 5.5, update to a version that includes ESXi550-201709102-SG or later.
For VMware ESXi version 5.5, update to a version that includes ESXi600-201711103-SG or later.
For VMware ESXi version 6.5, update to a version that includes ESXi650-201712103-SG or later.
Fix
XSS
Affected Products
Vmware Esxi