CVE-2020-3975: XSS
First published: Fri Aug 21 2020(Updated: )
VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim's browser when viewing.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware App Volumes | >=2.0<2.18.6 | |
| VMware App Volumes | >=4<2006 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this VMware App Volumes vulnerability?
The vulnerability ID is CVE-2020-3975.
What is the severity of CVE-2020-3975?
The severity of CVE-2020-3975 is medium.
What is the affected software version range for this vulnerability?
The affected software versions are VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is CWE-79.
Is there a reference link for this vulnerability?
Yes, you can find more information about this vulnerability on the VMware Security Advisories page: https://www.vmware.com/security/advisories/VMSA-2020-0019.html.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/references
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware app volumes
- version/vmware app volumes/2.0
- version/vmware app volumes/4