VMWare ESX Server crossite scripting and password leak

2006-08-0200:00:00

BUGTRAQ

vulners.com

Management Interface crossite scripting. Additionally, cleartext password is contained in session cookie and server log files.

CPENameOperatorVersion
vmware esx servereq2.0
vmware esx servereq2.5
vmware esx servereq2.1

Name	Operator	Version
vmware esx server	eq	2.0
vmware esx server	eq	2.5
vmware esx server	eq	2.1

References

vulners.com/securityvulns/securityvulns:doc:12939

vulners.com/securityvulns/securityvulns:doc:12954

vulners.com/securityvulns/securityvulns:doc:13690

vulners.com/securityvulns/securityvulns:doc:13691

vulners.com/securityvulns/securityvulns:doc:13692

vulners.com/securityvulns/securityvulns:doc:13709