CVE-2017-4926
published 2017-09-15CVE-2017-4926: VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges…
medium5.4CVSS 3.0
AVNACLPRLUIRSCCLILAN
VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | fusion_pro | — | — |
| vmware | vcenter_server | — | — |
| vmware | vcenter_server | — | — |
| vmware | vmware_esxi | — | — |
| vmware | vmware_fusion | — | — |
| vmware | vmware_vcenter_server | — | — |
| vmware | vmware_workstation | — | — |
| vmware | vsphere | — | — |
| vmware | workstation_player | — | — |
| vmware | workstation_pro | — | — |