CVE-2009-2277: XSS
First published: Thu Apr 01 2010(Updated: )
Cross-site scripting (XSS) vulnerability in WebAccess in VMware VirtualCenter 2.0.2 and 2.5 and VMware ESX 3.0.3 and 3.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "context data."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware ESX | =3.0.3 | |
| VMware ESX | =3.5 | |
| VMware vCenter | =2.0.2 | |
| VMware vCenter | =2.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-2277?
CVE-2009-2277 is classified as a medium severity vulnerability due to potential cross-site scripting (XSS) risks.
How do I fix CVE-2009-2277?
To address CVE-2009-2277, you should upgrade to a patched version of VMware VirtualCenter or VMware ESX.
Who is affected by CVE-2009-2277?
CVE-2009-2277 affects users of VMware VirtualCenter versions 2.0.2 and 2.5, as well as VMware ESX versions 3.0.3 and 3.5.
What impact does CVE-2009-2277 have?
CVE-2009-2277 allows remote attackers to execute arbitrary web scripts or HTML on affected systems.
Is CVE-2009-2277 easy to exploit?
CVE-2009-2277 has an easy exploitation vector due to its reliance on user input in web contexts.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/remedy
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/vmware
- canonical/vmware esx
- version/vmware esx/3.0.3
- version/vmware esx/3.5
- canonical/vmware vcenter
- version/vmware vcenter/2.0.2
- version/vmware vcenter/2.5