CVE-2021-22021
published 2021-08-30CVE-2021-22021: VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user…
medium5.4CVSS 3.1
AVNACLPRLUIRSCCLILAN
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| vmware | cloud_foundation | >= 4.0 < 4.3 | 4.3 |
| vmware | vrealize_log_insight | 4.0 – 4.8 | — |
| vmware | vrealize_log_insight | >= 8.0.0 < 8.4 | 8.4 |