VMware NSX Edge CVE-2017-4929 Cross site Scripting Vulnerability



VMware NSX Edge is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Information

Bugtraq ID: 101891
Class: Input Validation Error
CVE: CVE-2017-4929

Remote: Yes
Local: No
Published: Nov 16 2017 12:00AM
Updated: Nov 16 2017 12:00AM
Credit: Jarad Kopf of Deltek and Issam Rabhi
Vulnerable: VMWare NSX Edge 6.3
VMWare NSX Edge 6.2.3
VMWare NSX Edge 6.2.2
VMWare NSX Edge 6.2.1


Not Vulnerable: VMWare NSX Edge 6.3.5
VMWare NSX Edge 6.2.9


Exploit


To exploit this issue an attacker must entice an unsuspecting victim into following a malicious URI.


Related Posts