a. VMware vCSA cross-site scripting vulnerabilityVMware vCenter Server Appliance (vCSA) contains a vulnerability that may allow for Cross Site Scripting. Exploitation of this vulnerability in vCenter Server requires tricking a user to click on a malicious link or to open a malicious web page. VMware would like to thank Tanya Secker of Trustwave SpiderLabs for reporting this issue to us. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2014-3797 to this issue. Column 4 of the following table lists the action required to remediate the vulnerability in each release, if a solution is available.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2877
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4238
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0138
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0191
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3797
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8371
www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html