VMware View Manager Portal Cross-site Scripting Vulnerability

Summary

VMware View is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Credit:

The information has been provided by Jeremy Conway.
The original article can be found at: http://www.securityfocus.com/bid/52526/info


Details

Vulnerable Systems:
 * VMWare View 4.6
 * VMWare View 4.0

Immune Systems:
 * VMWare View 4.6.1

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Vendor Status:
VMware had issued an update for this vulnerability

Patch Availability:
http://www.vmware.com/security/advisories/VMSA-2012-0004.html

CVE Information:
CVE-2012-1511

Disclosure Timeline:
Issue date: 2012-03-15
Updated on: 2012-03-15 (initial advisory)

Categories: News