Vulnerabilities > CVE-2005-3619 - Unspecified vulnerability in VMWare ESX

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

vmware

NVD

Published: 2005-12-31

Updated: 2018-10-30

Summary

Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files. This vulnerability is addressed in the following product releases: VMware, ESX Server, 2.5.2 upgrade patch 2, and later VMware, ESX Server, 2.1.2 upgrade patch 6, and later VMware, ESX Server, 2.0.1 upgrade patch 6, and later

Vulnerable Configurations

Part	Description	Count
OS	Vmware Vmware ESX 2.0 Vmware ESX 2.0.1 Vmware ESX 2.1.1 Vmware ESX 2.1.2 Vmware ESX 2.5 Vmware ESX 2.5.2	6

Summary

Vulnerable Configurations

References