VMware WebAccess Cross Site Scripting Vulnerability (Win) Network Vulnerability

Summary

This host is installed with VMWare Server and is prone to Cross site scripting Vulnerability.

Impact

Successful exploitation will lets attackers to execute arbitrary web script or HTML. Impact Level: Application

Solution

Apply workaround, http://www.vmware.com/resources/techresources/726 ***** NOTE: Ignore this warning, if above mentioned workaround is manually applied. *****

Insight

The flaw is due to error in 'Server Console' which is not properly validating the input data, which allows to inject arbitrary web script or HTML via the name of a virtual machine.

Affected

VMware Server version 1.0 on Windows.

References

http://lists.vmware.com/pipermail/security-announce/2010/000086.html
http://www.vmware.com/security/advisories/VMSA-2010-0005.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1137
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Apple Safari 'setInterval()' Address Bar Spoofing Vulnerability (Win)
Apple QuickTime Multiple Arbitrary Code Execution Vulnerabilities (Win)
Apple Safari JavaScript Implementation Information Disclosure Vulnerability (Mac OS X)
Apple Safari Address Bar Spoofing Vulnerability june-10 (Win)
Adobe Reader Old Plugin Signature Bypass Vulnerability (Windows)

VMware WebAccess Cross Site Scripting vulnerability (Win)

Take action and discover your vulnerabilities