High
A Stored Cross-Site Scripting (XSS) vulnerability in VMware ESXi exists. The VMware ESXi Host Client does not properly neutralize script-related HTML when viewing virtual machines attributes. A malicious actor with access to modify the system properties of a virtual machine from inside the guest os (such as changing the hostname of the virtual machine) may be able to inject malicious script which will be executed by a victim’s browser when viewing this virtual machine via the ESXi Host Client. |
Cross-Site Scripting |
VMware
VMware ESXi |
Refer to VMware security advisory for the list of upgraded patches.
https://www.vmware.com/security/advisories/VMSA-2020-0008.html