3 matches found
CVE-2020-3975
VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting XSS vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim'...
CVE-2020-3975
CVE-2020-3975 describes a Stored XSS issue in VMware App Volumes for 2.x (pre-2.18.6) and 4.x (pre-2006). The root cause is inadequate input validation when creating/editing applications or storage groups, enabling a malicious actor with those permissions to inject script executed in a victim’s b...
VMware App Volumes patches address Stored Cross-Site Scripting (XSS) vulnerability (CVE-2020-3975)
3a. Advisory Details VMware App Volumes does not correctly validate user input when creating and editing applications or creating storage groups. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.5...