CVE-2010-1143

VMware View Manager 3.1.x - Cross-Site Scripting

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2010-1143. PoCs published by Alexey Sintsov.

AI-analyzed exploit summary This advisory describes a linked XSS vulnerability in VMware View Portal versions <= 3.1. The vulnerability allows an attacker to inject JavaScript code into a URL, which is then executed in the context of the victim's browser.

Description

Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Alexey Sintsov · textwebappsmultiple

https://www.exploit-db.com/exploits/12610

View Code ZIP pw:eip

This advisory describes a linked XSS vulnerability in VMware View Portal versions <= 3.1. The vulnerability allows an attacker to inject JavaScript code into a URL, which is then executed in the context of the victim's browser.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: VMware View Portal <= 3.1

No auth needed

Prerequisites: Access to the VMware View Portal URL

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WRITEUP VERIFIED

by Alexey Sintsov · textremotemultiple

https://www.exploit-db.com/exploits/33940

View Code ZIP pw:eip

The provided text describes a cross-site scripting (XSS) vulnerability in VMware View versions prior to 3.1.3. It includes a basic example of an XSS payload but lacks executable exploit code.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Theoretical

Target: VMware View < 3.1.3

No auth needed

Prerequisites: A vulnerable VMware View instance · Ability to trick a user into clicking a malicious link

MITRE ATT&CK

T1059.007 - JavaScript

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6

Core References

Patch, Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2010-0008.html

Third Party Advisory vendor-advisory x_refsource_gentoo

http://security.gentoo.org/glsa/glsa-201209-25.xml

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1023945

Patch, Vendor Advisory mailing-list x_refsource_mlist

http://lists.vmware.com/pipermail/security-announce/2010/000092.html

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16298

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/39949

Scores

EPSS 0.0344

EPSS Percentile 87.4%

Details

CWE

CWE-79

Status published

Products (3)

vmware/view_manager 3.1.1

vmware/view_manager 3.1.2

vmware/view_manager 3.1.3

Published May 07, 2010

Tracked Since Feb 18, 2026