VMware View Manager Portal Cross-site Scripting Vulnerability


VMware View is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.


The information has been provided by Jeremy Conway.
The original article can be found at: http://www.securityfocus.com/bid/52526/info


Vulnerable Systems:
 * VMWare View 4.6
 * VMWare View 4.0

Immune Systems:
 * VMWare View 4.6.1

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Vendor Status:
VMware had issued an update for this vulnerability

Patch Availability:

CVE Information:

Disclosure Timeline:
Issue date: 2012-03-15
Updated on: 2012-03-15 (initial advisory)

Categories: News