CVE-2005-3619 — Cross-site Scripting in Vmware ESX

4 documents4 sources
Severity
6.8MEDIUMNVD
EPSS
0.9%
top 23.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware ESX
Timeline
PublishedDec 31
Latest updateMay 1

Description

Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

â–¶NVDvmware/esx6 versions+5

🔴Vulnerability Details

2
GHSA
GHSA-jppx-j8c9-3cxq: Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2↗2022-05-01
â–¶
CVEList
CVE-2005-3619: Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2↗2006-06-02
â–¶

📋Vendor Advisories

1
Red Hat
fastjar: directory traversal vulnerabilities↗2010-06-06
â–¶
CVE-2005-3619 — Cross-site Scripting in Vmware ESX | cvebase