Description
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."
References (4)
Core 4
Core References
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/39037
Patch, Vendor Advisory mailing-list
x_refsource_mlist
http://lists.vmware.com/pipermail/security-announce/2010/000086.html
Patch, Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2010-0005.html
Third Party Advisory, VDB Entry vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7080
Scores
EPSS
0.0037
EPSS Percentile
58.6%
Details
CWE
CWE-79
Status
published
Products (4)
vmware/esx_server
3.0.3
vmware/esx_server
3.5
vmware/virtualcenter
2.0.2
vmware/virtualcenter
2.5
Published
Apr 01, 2010
Tracked Since
Feb 18, 2026