The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: vmware

Published:

Updated: 2024-09-17T03:02:37.214Z

Reserved: 2016-12-26T00:00:00

Link: CVE-2017-4940

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2017-12-20T15:29:00.247

Modified: 2025-04-20T01:37:25.860

Link: CVE-2017-4940

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.