Lucene search

K
cvelistVmwareCVELIST:CVE-2017-4940
HistoryDec 20, 2017 - 3:00 p.m.

CVE-2017-4940

2017-12-2015:00:00
vmware
www.cve.org
8
vmware
esxi
host
xss
vulnerability
cross-site scripting

AI Score

7

Confidence

High

EPSS

0.001

Percentile

32.7%

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.

CNA Affected

[
  {
    "product": "ESXi",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "6.5 before ESXi650-201712103-SG"
      },
      {
        "status": "affected",
        "version": "6.0 before ESXi600-201711103-SG"
      },
      {
        "status": "affected",
        "version": "5.5 before ESXi550-201709102-SG)"
      }
    ]
  }
]

AI Score

7

Confidence

High

EPSS

0.001

Percentile

32.7%

Related for CVELIST:CVE-2017-4940