Vulnerabilities > Vmware > ESX Server > 3.0.3

DATE CVE VULNERABILITY TITLE RISK
2010-04-01 CVE-2010-1137 Cross-Site Scripting vulnerability in VMWare ESX Server, Server and Virtualcenter
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5, and the Server Console in VMware Server 1.0, allows remote attackers to inject arbitrary web script or HTML via the name of a virtual machine.
network
vmware CWE-79
4.3
4.3
2010-04-01 CVE-2010-0686 Improper Input Validation vulnerability in VMWare ESX Server, Server and Virtualcenter
WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, and VMware ESX 3.0.3 and 3.5 allows remote attackers to leverage proxy-server functionality to spoof the origin of requests via unspecified vectors, related to a "URL forwarding vulnerability."
network
low complexity
vmware CWE-20
7.5
7.5
2010-04-01 CVE-2009-2277 Cross-Site Scripting vulnerability in VMWare ESX Server and Virtualcenter
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."
network
vmware CWE-79
4.3
4.3