VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
References
Link | Resource |
---|---|
https://www.vmware.com/security/advisories/VMSA-2021-0019.html | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2021-08-30T18:06:13
Updated: 2021-08-30T18:06:13
Reserved: 2021-01-04T00:00:00
Link: CVE-2021-22021
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-08-30T19:15:08.457
Modified: 2021-09-02T17:26:56.537
Link: CVE-2021-22021
JSON object: View
Redhat Information
No data.
CWE