CVE-2020-3953Improper Input Validation in Vmware Vrealize LOG Insight

CWE-20Improper Input ValidationCWE-79Cross-site Scripting4 documents4 sources
Severity
4.8MEDIUMNVD
EPSS
0.3%
top 44.62%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Vrealize LOG Insight
Timeline
PublishedApr 15
Latest updateMay 24

Description

Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:NExploitability: 1.7 | Impact: 2.7

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-5jp2-26h4-r89j: Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 82022-05-24
CVEList
CVE-2020-3953: Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 82020-04-15

📋Vendor Advisories

1
VMware
VMware vRealize Log Insight addresses Cross Site Scripting (XSS) and Open Redirect vulnerabilities (CVE-2020-3953, CVE-2020-3954)2020-04-14
CVE-2020-3953 — Improper Input Validation in Vmware | cvebase