VMware NSX Edge is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
Information
Bugtraq ID: 101891Class: Input Validation Error
CVE: CVE-2017-4929
Remote: Yes
Local: No
Published: Nov 16 2017 12:00AM
Updated: Nov 16 2017 12:00AM
Credit: Jarad Kopf of Deltek and Issam Rabhi
Vulnerable: VMWare NSX Edge 6.3
VMWare NSX Edge 6.2.3
VMWare NSX Edge 6.2.2
VMWare NSX Edge 6.2.1
Not Vulnerable: VMWare NSX Edge 6.3.5
VMWare NSX Edge 6.2.9
Exploit
To exploit this issue an attacker must entice an unsuspecting victim into following a malicious URI.
References:
