Vulnerability Name:

CVE-2010-1143 (CCN-58371)

Assigned:2010-05-05
Published:2010-05-05
Updated:2017-09-19
Summary:Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2010-1143

Source: MLIST
Type: Patch, Vendor Advisory
[security-announce] 20100505 VMSA-2010-0008 VMware View 3.1.3 addresses an important cross-site scripting vulnerability

Source: CCN
Type: SA39727
VMware View Cross-Site Scripting Vulnerability

Source: GENTOO
Type: UNKNOWN
GLSA-201209-25

Source: CCN
Type: SECTRACK ID: 1023945
VMware View Input Validation Flaw Permits Cross-Site Scripting Attacks

Source: SECTRACK
Type: UNKNOWN
1023945

Source: CCN
Type: OSVDB ID: 64440
VMware View View Manager Unspecified Parameter XSS

Source: BID
Type: UNKNOWN
39949

Source: CCN
Type: BID-39949
VMware View URL Processing Cross-site Scripting Vulnerability

Source: CCN
Type: VMSA-2010-0008
VMware View 3.1.3 addresses an important cross-site scripting vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0008.html

Source: XF
Type: UNKNOWN
view-view-manager-xss(58371)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:16298

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [05-14-2010]

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vmware:view_manager:3.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:view_manager:3.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:view_manager:3.1.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:16298
    V
    		VMware View 3.1.3 addresses an important cross-site scripting vulnerability
    2013-07-29
    BACK
    vmware view manager 3.1.1
    vmware view manager 3.1.2
    vmware view manager 3.1.3