VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim’s browser when viewing.
CPE | Name | Operator | Version |
---|---|---|---|
app_volumes | ge | 4 | |
app_volumes | lt | 2006 | |
app_volumes | ge | 2.0 | |
app_volumes | lt | 2.18.6 |