Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks Publisher 6.x through 8.x; WebWorks Publisher 2003; and WebWorks ePublisher 9.0.x through 9.3, 2008.1 through 2008.4, and 2009.x before 2009.3 allow remote attackers to inject arbitrary web script or HTML via (1) wwhelp_entry.html, reachable through index.html and wwhsec.htm, (2) wwhelp/wwhimpl/api.htm, (3) wwhelp/wwhimpl/common/html/frameset.htm, (4) wwhelp/wwhimpl/common/scripts/switch.js, or (5) the window.opener component in wwhelp/wwhimpl/common/html/bookmark.htm, related to (a) unspecified parameters and (b) messages used in topic links for the bookmarking functionality.

Related Weaknesses

Metrics

EPSS

EPSS Score

EPSS Percentile

Products Mentioned

Configuraton 0

Webworks>>Epublisher >> Version 9.0

Webworks>>Epublisher >> Version 9.1

Webworks>>Epublisher >> Version 9.2

Webworks>>Epublisher >> Version 9.3

Webworks>>Epublisher >> Version 2008.1

Webworks>>Epublisher >> Version 2008.2

Webworks>>Epublisher >> Version 2008.3

Webworks>>Epublisher >> Version 2008.4

Webworks>>Epublisher >> Version 2009.1

Webworks>>Epublisher >> Version 2009.2

Webworks>>Help >> Version 2.0

Webworks>>Help >> Version 3.0

Webworks>>Help >> Version 4.0

Webworks>>Help >> Version 5.0

Webworks>>Publisher >> Version 6.0

Webworks>>Publisher >> Version 7.0

Webworks>>Publisher >> Version 8.0

Webworks>>Publisher >> Version 2003

Configuraton 0

Vmware>>Vcenter >> Version 4.0

Microsoft>>Windows >> Version *

• Microsoft>>Windows >> Version - (Open CPE detail)
• Microsoft>>Windows >> Version - (Open CPE detail)
• Microsoft>>Windows >> Version - (Open CPE detail)
• Microsoft>>Windows >> Version 1.0 (Open CPE detail)
• Microsoft>>Windows >> Version 2.0 (Open CPE detail)
• Microsoft>>Windows >> Version 3.0 (Open CPE detail)
• Microsoft>>Windows >> Version 3.1 (Open CPE detail)
• Microsoft>>Windows >> Version 3.11 (Open CPE detail)
• Microsoft>>Windows >> Version 2000 (Open CPE detail)
• Microsoft>>Windows >> Version 2000 (Open CPE detail)
• Microsoft>>Windows >> Version server_2008 (Open CPE detail)
• Microsoft>>Windows >> Version server_2008 (Open CPE detail)
• Microsoft>>Windows >> Version server_2008 (Open CPE detail)
• Microsoft>>Windows >> Version vista (Open CPE detail)
• Microsoft>>Windows >> Version vista (Open CPE detail)
• Microsoft>>Windows >> Version vista (Open CPE detail)
• Microsoft>>Windows >> Version vista (Open CPE detail)
• Microsoft>>Windows >> Version vista (Open CPE detail)
• Microsoft>>Windows >> Version vista (Open CPE detail)
• Microsoft>>Windows >> Version vista (Open CPE detail)
• Microsoft>>Windows >> Version vista (Open CPE detail)
• Microsoft>>Windows >> Version vista (Open CPE detail)
• Microsoft>>Windows >> Version vista (Open CPE detail)
• Microsoft>>Windows >> Version vista (Open CPE detail)

Configuraton 0

Vmware>>Esx_server >> Version 4.0

Vmware>>Lab_manager >> Version 2.0

Vmware>>Server >> Version 2.0.2

• Vmware>>Server >> Version 2.0.2 (Open CPE detail)

Vmware>>Stage_manager >> Version To (including) 4.0

Vmware>>Stage_manager >> Version 1.0

Vmware>>Vcenter_lab_manager >> Version 3.0

Vmware>>Vcenter_lab_manager >> Version 3.0.1

Vmware>>Vcenter_lab_manager >> Version 3.0.2

Vmware>>Vcenter_lab_manager >> Version 4.0

Vmware>>Vcenter_stage_manager >> Version 1.0.1

References