CVE-2009-2277
Summary
| CVE | CVE-2009-2277 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2010-04-01 19:30:00 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data." |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Vmware | Esx Server | 3.0.3 | All | All | All |
| Application | Vmware | Esx Server | 3.5 | All | All | All |
| Application | Vmware | Virtualcenter | 2.0.2 | All | All | All |
| Application | Vmware | Virtualcenter | 2.5 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| RETIRED: VMware WebAccess Multiple Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Patch |
| VMSA-2010-0005 | af854a3a-2127-422b-91ae-364da2661108 | www.vmware.com | Patch, Vendor Advisory |
| [Security-announce] VMSA-2010-0005 VMware products address vulnerabilities in WebAccess | af854a3a-2127-422b-91ae-364da2661108 | lists.vmware.com | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.