CVE-2015-6931

MEDIUM

VMware vCenter Server 5.0-5.5 - Cross-Site Scripting via Crafted URL

Title source: llm
STIX 2.1

Description

Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1036112
Patch, Vendor Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2016-0009.html

Scores

CVSS v3 6.1
EPSS 0.0016
EPSS Percentile 36.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (3)
vmware/vcenter_server 5.0
vmware/vcenter_server 5.1
vmware/vcenter_server 5.5
Published Jul 03, 2016
Tracked Since Feb 18, 2026