5 matches found
CVE-2022-31654
CVE-2022-31654 affects VMware vRealize Log Insight prior to 8.8.2. The issue is a stored cross-site scripting (XSS) vulnerability caused by improper input sanitization in configurations, enabling malicious input to be stored and potentially executed in the context of an admin-facing interface. Th...
CVE-2022-31655
CVE-2022-31655 affects VMware vRealize Log Insight before 8.8.2. The issue is a stored cross-site scripting vulnerability caused by improper input sanitization in alerts, as documented by Red Hat, NVD, and VMware advisories. The vulnerability arises in the alert configuration/input path and can b...
CVE-2021-22035
CVE-2021-22035 affects VMware vRealize Log Insight (8.x, prior to 8.6). A CSV injection vulnerability exists in the interactive analytics export function, allowing an authenticated user with non-administrative privileges to embed untrusted data in a CSV export, potentially executing in the user’s...
CVE-2020-3953
CVE-2020-3953 (and CVE-2020-3954) affect VMware vRealize Log Insight prior to 8.1.0 (and 4.x) due to improper input validation. Root cause: input validation failure enabling Cross Site Scripting (XSS) in the UI. Impact described as stored XSS potentially allowing payloads to execute in other user...
CVE-2020-3954
CVE-2020-3954 is an Open Redirect vulnerability in VMware vRealize Log Insight caused by improper input validation. The VMware VMSA-2020-0007 advisory and accompanying tables indicate impact on vRealize Log Insight 8.x (and 4.x) with Open Redirect exploitable via crafted URLs, enabling phishing-s...