CVE-2005-4583

Published: Dec 29, 2005Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS).

Affected (6)

Products: Vmware: Esx

Vmware

1 product

Esx

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Vmware Esx	Version 2.0.1
Vmware Esx	Version 2.0
Vmware Esx	Version 2.1.1
Vmware Esx	Version 2.1.2
Vmware Esx	Version 2.5.2
Vmware Esx	Version 2.5

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (12)

http://secunia.com/advisories/18250

Source: cve@mitre.org

PatchVendor Advisory

http://securitytracker.com/id?1015422

Source: cve@mitre.org

ExploitPatch

http://www.osvdb.org/22119

Source: cve@mitre.org

Patch

http://www.securityfocus.com/bid/16086

Source: cve@mitre.org

Patch

http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2001

Source: cve@mitre.org

Patch

http://www.vupen.com/english/advisories/2005/3084

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/18250