漏洞描述
VMware Aria Operations存在存储型跨站脚本漏洞。此漏洞是由于loginbanner接口对于用户输入的请求校验不正确导致的。
VMware Aria Operations LoginBanner 存储型跨站脚本漏洞
PoC代码
暂无相关漏洞推荐
- (CVE-2025-41252) VMware NSX未认证的用户名枚举漏洞
- (CVE-2025-41246) VMware Tools for Windows授权不当漏洞
- (CVE-2025-41250)VMware vCenter SMTP头部注入漏洞
- CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- POC CVE-2020-11853: Micro Focus Operations Bridge Manager <=2020.05 - Remote Code Execution
- POC CVE-2021-21972: VMware vSphere Client (HTML5) - Remote Code Execution
- POC CVE-2021-21973: VMware vSphere - Server-Side Request Forgery
- POC CVE-2021-21975: vRealize Operations Manager API - Server-Side Request Forgery
- POC CVE-2021-21978: VMware View Planner <4.6 SP1- Remote Code Execution
- POC CVE-2021-21985: VMware vSphere Client (HTML5) - Remote Code Execution
- POC CVE-2021-22005: VMware vCenter Server - Arbitrary File Upload
- POC CVE-2021-22502: Micro Focus Operations Bridge Reporter - Remote Code Execution
- POC CVE-2022-22954: VMware Workspace ONE Access - Server-Side Template Injection