VMware - Critical Security Update should be applied quickly
VMware is a great management product for server consolidation as it creates logical partitions on large corporate servers to run multiple operating systems efficiently. A critical security update has been issued and system administrators are urged to apply this patch quickly.
VMware ESX Server - Critical update for Cross Site Scripting Issue
Advisory ID : FrSIRT/ADV-2005-3084
Rated as : Moderate Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-24
Technical Description: A vulnerability has been identified in VMware ESX Server, which may be exploited by attackers to inject malicious HTML code. This flaw is due to an input validation error in the VMware Management Interface that does not properly validate certain parameters, which may be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
Affected Products: WMware ESX Server 2.0.x, 2.1.x, 2.5.x
Solution: Apply latest VmWare Patches