Stored Cross-Site Scripting (XSS) Vulnerability in VMware ESXi Host Client

Stored Cross-Site Scripting (XSS) Vulnerability in VMware ESXi Host Client

CVE-2017-4940 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.

Learn more about our Cis Benchmark Audit For Vmware.