CVE-2017-4940: Cross-site Scripting in VMware ESXi

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.2% (top 54.06%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Dec 20
Latest update: May 13

Description

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 6.0 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting JavaScript, which might get executed when other users access the Host Client.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 | Impact: 2.7

Affected Packages (2 packages)

CVEListV5: vmware/esxi 5.5 before ESXi550-201709102-SG, 6.0 before ESXi600-201711103-SG, 6.5 before ESXi650-201712103-SG
NVD: vmware/esxi 5.5, 6.0, 6.5

Vulnerability Details (2)

GHSA (2022-05-13): GHSA-29hc-rp6w-74v3: The ESXi Host Client in VMware ESXi (6...
CVEList (2017-12-20): CVE-2017-4940: The ESXi Host Client in VMware ESXi (6...