CVE-2020-3997

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 54.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Horizon

Timeline

PublishedOct 23

Latest updateMay 24

Description

VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5vmware_horizon_serverVMware Horizon Server (7.x prior to 7.10.3 or 7.13.0)

▶NVDvmware/horizon7.0 — 7.10.3+1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-2g97-qvhf-wqw3: VMware Horizon Server (7↗2022-05-24

▶

CVEList

CVE-2020-3997: VMware Horizon Server (7↗2020-10-23

▶