Arbitrary Web Script Injection in vSphere Web Client

Arbitrary Web Script Injection in vSphere Web Client

CVE-2015-6931 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the vSphere Web Client in VMware vCenter Server 5.0 before U3g, 5.1 before U3d, and 5.5 before U2d allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

Learn more about our Web App Pen Testing.