CVE-2024-22277Cross-site Scripting in Vmware Cloud Director

CWE-79Cross-site ScriptingCWE-80Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)3 documents3 sources
Severity
5.4MEDIUMNVD
CNA6.4
EPSS
0.1%
top 64.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Vmware Cloud Director
Timeline
PublishedJul 4

Description

VMware Cloud Director Availability contains an HTML injection vulnerability. A malicious actor with network access to VMware Cloud Director Availability can craft malicious HTML tags to execute within replication tasks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages1 packages

NVDvmware/cloud_director4.0.04.7.2

🔴Vulnerability Details

2
GHSA
GHSA-3h4r-2q6q-wfr8: VMware Cloud Director Availability contains an HTML injection vulnerability2024-07-04
CVEList
CVE-2024-22277: VMware Cloud Director Availability contains an HTML injection vulnerability2024-07-04
CVE-2024-22277 — Cross-site Scripting in Vmware | cvebase