CVE-2010-1143

VMware View <3.1.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Alexey Sintsov · textwebappsmultiple

https://www.exploit-db.com/exploits/12610

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by Alexey Sintsov · textremotemultiple

https://www.exploit-db.com/exploits/33940

View Code ZIP pw:eip

References (6)

[Patch, Vendor Advisory] http://lists.vmware.com/pipermail/security-announce/2010/000092.html

[Patch, Vendor Advisory] http://www.vmware.com/security/advisories/VMSA-2010-0008.html

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16298

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/39949

[Third Party Advisory] http://security.gentoo.org/glsa/glsa-201209-25.xml

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1023945

Scores

EPSS 0.0149

EPSS Percentile 80.9%

Classification

CWE

CWE-79

Status published

Affected Products (4)

vmware/view_manager

n/a/n/a

Timeline

Published May 07, 2010

Tracked Since Feb 18, 2026