VMware fixes stored XSS vulnerability in ESXi hypervisor

News by Bradley Barth

VMware on Wednesday patched an important vulnerability in its ESXi hypervisor, part of its suite of vSphere virtualisation products, that could allow for stored cross-site scripting.

According to a VMware security advisory, attackers can exploit the flaw if they have permission to manage virtual machines through the ESXi Host Client, or if they con the vSphere administrator into importing a specially crafted VM. Officially designated CVE-2016-7463, the vulnerability affects product versions 5.5 and 6.0, but not 6.5.

VMware has warned its users not to import VMs from untrusted sources. The company credited researcher Caleb Watt for discovering the issue.
