CVE-2020-3955 — Cross-site Scripting in Vmware Esxi
Severity
9.3CRITICALNVD
EPSS
1.2%
top 21.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 29
Latest updateMay 24
Description
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.3.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.8
Affected Packages2 packages
▶CVEListV5vmware/esxiESXi 6.5 without patch ESXi650-201912104-SG, ESXi 6.7 without patch ESXi670-202004103-SG+1