VMware patched two cross-site scripting issues in several editions of its vRealize cloud software. These flaws could be exploited in stored XSS attacks and could result in the user’s workstation being compromised.
The input validation error exists in Linux versions of VMware vRealize Automation 6.x prior to 6.2.4 and vRealize Business Advanced and Enterprise 8.x prior to 8.2.5, VMware said in the advisory (VMSA-2016-0003). Linux users running affected versions should update to vRealize Automation 6.2.4 and vRealize Business Advanced and Enterprise 8.2.5 to address the problems. The issues do not affect vRealize Automation 7.x on Linux and 5.x on Windows, and vRealize Business 7.x and 6.x on Linux (vRealize Business Standard).
To read this article in full or to leave a comment, please click here