Lucene search

[email protected]CVE-2010-1137

HistoryApr 01, 2010 - 7:30 p.m.

CVE-2010-1137

2010-04-0119:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-1137

cross-site scripting

xss

vmware

virtualcenter

esx

server

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.7%

JSON

Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.

Affected configurations

NVD

Node

vmwarevirtualcenterMatch2.0.2

vmwarevirtualcenterMatch2.5

Node

vmwareserverMatch1.0

Node

vmwareesx_serverMatch3.0.3

vmwareesx_serverMatch3.5

CPENameOperatorVersion
vmware:virtualcentervmware virtualcentereq2.0.2
vmware:virtualcentervmware virtualcentereq2.5

CPE	Name	Operator	Version
vmware:virtualcenter	vmware virtualcenter	eq	2.0.2
vmware:virtualcenter	vmware virtualcenter	eq	2.5

References

lists.vmware.com/pipermail/security-announce/2010/000086.html

security.gentoo.org/glsa/glsa-201209-25.xml

www.securityfocus.com/bid/39037

www.securitytracker.com/id?1023769

www.vmware.com/security/advisories/VMSA-2010-0005.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6863

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.7%

JSON

Related for CVE-2010-1137

cvelist1 openvas6 prion1 nvd1 securityvulns2 vmware1 nessus1 gentoo1