Reporter Robert Garcia
Advisory: info.vmware.com Cross-Site Script Vulnerability (XSS) Advisory
ID: VMware Support Request 14479234605
Author: Roberto Garcia
Affected Software: Successfully tested on info.vmware.com Vendor URL:
htt://info.vmware.com Vendor Status: informed
The website "info.vmware.com" is prone to a XSS vulnerability.
This vulnerability involves the ability to inject arbitrary and unauthorized
hijack the users session, submit unauthorized transactions as the user,
steal confidential information, or simply deface the page.
PoC video is available at
- May 2014. I enrolled in an online course. They sent me an email
confirmation to see more information. I found a XSS in the URL where vmware
had the additional info.
- Report vuln May 20, 2014 via email to firstname.lastname@example.org
- Asked by email to send a POC. I sent a video with the POC.
- May 21, 2014. Asked by email to send the original email.
- May 23, 2014. Replied by email that the original address
(email@example.com) does not belong to them, then vmware.com is not
affected. I said them that the vuln was about info.vmware.com, it was not
the email address.
- Asked by email to go ahead and close this case on my behalf.
- Closed as fixed, still vulnerable.
Vulnerability found and advisory written by Roberto Garcia
Roberto Garcia Amoriz
Linkedin: Roberto Garcia