Description
Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.
References (3)
Core 3
Core References
Exploit, Vendor Advisory x_refsource_misc
http://www.corsaire.com/advisories/c051114-002.txt
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/435610/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/435888/100/0/threaded
Scores
EPSS
0.0094
EPSS Percentile
76.5%
Details
Status
published
Products (6)
vmware/esx
2.0
vmware/esx
2.0.1
vmware/esx
2.1.1
vmware/esx
2.1.2
vmware/esx
2.5
vmware/esx
2.5.2
Published
Dec 31, 2005
Tracked Since
Feb 18, 2026