VMware View 3.1.3 addresses an important cross-site scripting vulnerability

VMware View 3.1.3 addresses an cross-site scripting vulnerability in VMware View. In order for an attacker to exploit the vulnerability, the attacker would need to lure the user to click on the attacker’s URL. VMware would like to thank Alexey Sintsov from Digital Security Research Group [DSecRG] for reporting this issue to us. The issue is identifed as DSECRG-09-058 by Digital Security Research Group. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2010-1143 to this issue. The VMware has rated this issue as important according the the VMware security response policy. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.