VMware vCenter Server updates address an important cross-site scripting issue

ID VMSA-2016-0006
Type vmware
Reporter VMware
Modified 2016-05-24T00:00:00


a. Reflected cross-site scripting issue through flash parameter injection

The vSphere Web Client contains a reflected cross-site scripting vulnerability that occurs through flash parameter injection. An attacker can exploit this issue by tricking a victim into clicking a malicious link. VMware would like to thank John Page aka hyp3rlinx for reporting this issue to us.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the identifier CVE-2016-2078 to this issue.

Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.