VMware has issued a patch fixing a cross-site scripting vulnerability, rated as important, in VMware ESXi that could result in malicious script being executed by the victim’s browser.

The issue, CVE-2020-3955, impacts ESXi versions 6.5 and 6.7 and is due to the ESXi Host Client not properly neutralizing script-related HTML when viewing virtual machine attributes. Version 7.0 already contains the patch, so it is unaffected.

“A malicious actor with access to modify the system properties of a virtual machine from inside the guest OS (such as changing the hostname of the virtual machine) may be able to inject malicious script which will be executed by a victim's browser when viewing this virtual machine via the ESXi Host Client,” VMware reported.

Patches are available for each of the versions 6.5 and 6.7.
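
The flaw class described above (guest-controlled virtual machine attributes rendered without output encoding) and its mitigation, shown as an added example that is not VMware's code. The function names, the `suspicious` CSS class and the sample inventory are hypothetical.

```javascript
// Added example; hypothetical names, not the ESXi Host Client's code.

// Encode the characters that are significant in HTML text and attribute contexts.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// RFC 1123 hostname: dot-separated labels of letters, digits and hyphens,
// 1-63 characters each, 253 characters in total at most.
const LABEL = /^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;
function isPlausibleHostname(name) {
  return typeof name === "string" && name.length > 0 && name.length <= 253 &&
    name.split(".").every((label) => LABEL.test(label));
}

// Vulnerable pattern: a value set from inside the guest is concatenated into markup as-is.
function renderVmRowUnsafe(vm) {
  return "<tr><td>" + vm.name + "</td><td>" + vm.guestHostname + "</td></tr>";
}

// Hardened pattern: every attribute is encoded on output, and a hostname that
// fails validation marks the row so an operator can investigate that guest.
function renderVmRowSafe(vm) {
  const cls = isPlausibleHostname(vm.guestHostname) ? "" : ' class="suspicious"';
  return "<tr" + cls + "><td>" + escapeHtml(vm.name) + "</td><td>" +
    escapeHtml(vm.guestHostname) + "</td></tr>";
}

// Constructed sample inventory: one ordinary guest, one reporting markup as its hostname.
const sampleVms = [
  { name: "build-01", guestHostname: "build-01.lab.example" },
  { name: "web-02", guestHostname: "<script>alert(1)</script>" },
];

function renderInventory(vms, renderRow) {
  return vms.map(renderRow).join("\n");
}

console.log(renderInventory(sampleVms, renderVmRowSafe));
```

Output encoding is the actual fix for this class of bug; the hostname check only adds a signal that a guest is reporting something that is not a hostname.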