VMware WebAccess JSON Cross-site Scripting Vulnerabliity
BID:39105
Info
VMware WebAccess JSON Cross-site Scripting Vulnerabliity
| Bugtraq ID: | 39105 |
| Class: | Input Validation Error |
| CVE: |
CVE-2010-1193 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2010 12:00AM |
| Updated: | Apr 01 2010 10:22AM |
| Credit: | Nathan Keltner |
| Vulnerable: |
VMWare Server 2.0.2 VMWare Server 2.0.1 VMWare Server 2.0 |
| Not Vulnerable: | |
Discussion
VMware WebAccess JSON Cross-site Scripting Vulnerabliity
VMware WebAccess is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
VMware Server 2.0 is affected.
This issue was originally published as part of BID 39037 (VMware WebAccess Multiple Vulnerabilities). It is being assigned a new BID to better document the issue.
VMware WebAccess is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
VMware Server 2.0 is affected.
This issue was originally published as part of BID 39037 (VMware WebAccess Multiple Vulnerabilities). It is being assigned a new BID to better document the issue.
Exploit / POC
VMware WebAccess JSON Cross-site Scripting Vulnerabliity
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.
Solution / Fix
VMware WebAccess JSON Cross-site Scripting Vulnerabliity
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].
References
VMware WebAccess JSON Cross-site Scripting Vulnerabliity
References:
References: