4 matches found
CVE-2020-3955
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base sco...
VMSA-2020-0008 : VMware ESXi patches address Stored Cross-Site Scripting (XSS) vulnerability
a. VMware ESXi patches address Stored Cross-Site Scripting XSS vulnerability CVE-2020-3955 Description : The VMware ESXi Host Client does not properly neutralize script-related HTML when viewing virtual machines attributes. A malicious actor with access to modify the system properties of a virtua...
CVE-2020-3955
ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machines attributes. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base sco...
CVE-2020-3955
CVE-2020-3955 affects VMware ESXi 6.5 and 6.7 via a stored XSS in the ESXi Host Client when viewing virtual machine attributes. The underlying issue is improper neutralization of script-related HTML, allowing an authenticated attacker who can modify VM properties (e.g., hostname) to inject script...