CVE-2017-4926 — Cross-site Scripting in Vmware Vcenter Server

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

5.4MEDIUMNVD

EPSS

0.2%

top 57.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Vcenter Server

Timeline

PublishedSep 15

Latest updateMay 17

Description

VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5vmware/vcenter_server6.5 prior to 6.5 U1

▶NVDvmware/vcenter_server6.5

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-2pr6-vhmf-w3qp: VMware vCenter Server (6↗2022-05-17

▶

CVEList

CVE-2017-4926: VMware vCenter Server (6↗2017-09-15

▶