CVE-2005-3619 | Vulnerability Database | Aqua Security

NVD

https://nvd.nist.gov/vuln/detail/CVE-2005-3619

CWE

https://cwe.mitre.org/data/definitions/NVD-Other.html

Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.

Affected Software

Name	Vendor	Start Version	End Version
Esx	Vmware	2.0 (including)	2.0 (including)
Esx	Vmware	2.0.1 (including)	2.0.1 (including)
Esx	Vmware	2.1.1 (including)	2.1.1 (including)
Esx	Vmware	2.1.2 (including)	2.1.2 (including)
Esx	Vmware	2.5 (including)	2.5 (including)
Esx	Vmware	2.5.2 (including)	2.5.2 (including)

References

http://www.corsaire.com/advisories/c051114-002.txt
http://www.securityfocus.com/archive/1/435610/100/0/threaded
http://www.securityfocus.com/archive/1/435888/100/0/threaded