CVE-2017-4940
MEDIUMVMware ESXi - Stored Cross-Site Scripting in Host Client
Title source: llmDescription
The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2017-0021.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1040024
Scores
CVSS v3
6.1
EPSS
0.0015
EPSS Percentile
34.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (2)
vmware/esxi
5.5 (6 CPE variants)
vmware/esxi
6.0 (44 CPE variants)
Published
Dec 20, 2017
Tracked Since
Feb 18, 2026