vulnerability

VMware vCenter Server: CVE-2017-4926 (VMSA-2017-0015)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
3	(AV:N/AC:M/Au:S/C:N/I:P/A:N)	Sep 15, 2017	Jan 20, 2026	Jan 20, 2026

Severity

CVSS

(AV:N/AC:M/Au:S/C:N/I:P/A:N)

Published

Sep 15, 2017

Added

Jan 20, 2026

Modified

Jan 20, 2026

Description

VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker with VC user privileges can inject malicious java-scripts which will get executed when other VC users access the page.

Solution

vmware-vcenter-server-upgrade-latest

References

CVE-2017-4926
https://attackerkb.com/topics/CVE-2017-4926
URL-http://www.securityfocus.com/bid/100844
URL-http://www.securitytracker.com/id/1039364
URL-https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23511
CWE-79

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today