You are here

U-276: VMware vCenter Operations Cross-Site Scripting Vulnerability

October 8, 2012 - 7:00am

Addthis

PROBLEM:

VMware vCenter Operations Cross-Site Scripting Vulnerability

PLATFORM:

VMware vCenter Operations 1.x

ABSTRACT:

A vulnerability has been reported in VMware vCenter Operations, which can be exploited by malicious people to conduct cross-site scripting attacks.

reference LINKS:

Original Advisory
Secunia Advisory SA50795
CVE-2012-5050

IMPACT ASSESSMENT:

Medium

Discussion:

Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Impact:

A vulnerability in VMware vCenter Operations, which can be exploited to conduct cross-site scripting attacks.

Solution:

Upgrade to version 5.0.x.

Addthis