CVE-2009-2277
Summary
| CVE | CVE-2009-2277 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-04-01 19:30:00 UTC |
| Updated | 2017-09-19 01:29:00 UTC |
| Description | Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data." |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Vmware | Esx Server | 3.0.3 | All | All | All |
| Application | Vmware | Esx Server | 3.5 | All | All | All |
| Application | Vmware | Esx Server | 3.0.3 | All | All | All |
| Application | Vmware | Esx Server | 3.5 | All | All | All |
| Application | Vmware | Virtualcenter | 2.0.2 | All | All | All |
| Application | Vmware | Virtualcenter | 2.5 | All | All | All |
| Application | Vmware | Virtualcenter | 2.0.2 | All | All | All |
| Application | Vmware | Virtualcenter | 2.5 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| RETIRED: VMware WebAccess Multiple Vulnerabilities | BID | www.securityfocus.com | Patch |
| VMSA-2010-0005 | CONFIRM | www.vmware.com | Patch, Vendor Advisory |
| Repository / Oval Repository | OVAL | oval.cisecurity.org | |
| [Security-announce] VMSA-2010-0005 VMware products address vulnerabilities in WebAccess | MLIST | lists.vmware.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.