Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-2481Cross-site Scripting in Vmware ESX

4 documents4 sources
Severity
5.0MEDIUMNVD
CNA6.8
EPSS
9.4%
top 7.20%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Vmware ESX
Timeline
PublishedJul 31
Latest updateMay 1

Description

VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 stores authentication credentials in base 64 encoded format in the vmware.mui.kid and vmware.mui.sid cookies, which allows attackers to gain privileges by obtaining the cookies using attacks such as cross-site scripting (CVE-2005-3619).

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDvmware/esx7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-6f84-r44w-9f3r: VMware ESX Server 22022-05-01
CVEList
CVE-2006-2481: VMware ESX Server 22006-07-31

💥Exploits & PoCs

1
Exploit-DB
VMware ESX 2.x - Multiple Information Disclosure Vulnerabilities2006-07-31
CVE-2006-2481 — Cross-site Scripting in Vmware ESX | cvebase