Back to search
CVE-2017-4940
Published: Dec 20, 2017
Modified: Sep 17, 2024
PUBLISHED
Description
The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.
| Vendor | Product | Versions |
|---|---|---|
VMware | ESXi | affected 6.5 before ESXi650-201712103-SGaffected 6.0 before ESXi600-201711103-SGaffected 5.5 before ESXi550-201709102-SG) |
References
https://www.vmware.com/security/advisories/VMSA-2017-0021.html
x_refsource_CONFIRM
1040024
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now