VMware NSX Stored Cross-Site Scripting Vulnerability in Manager UI

Vulnerability

A stored Cross-Site Scripting (XSS) vulnerability has been identified in the VMware NSX Manager UI. This issue arises from inadequate input validation, allowing a malicious actor with the ability to create or modify network settings to inject harmful code. The injected code is executed when the network settings are viewed.

Impact

Exploitation of this vulnerability allows for stored Cross-Site Scripting, where injected scripts are executed in the context of the user viewing the affected content.

Remediation

Users can upgrade to VMware NSX versions 4.2.2.1, 4.2.1.4, 4.1.2.6, or 4.0.x. For VMware Cloud Foundation, versions 5.2.x, 5.1.x, and 5.0.x are also available. VMware NSX-T users can upgrade to version 3.2.4.2. VMware Cloud Foundation 4.5.x and VMware Telco Cloud Platform users can refer to specific KB articles for patching guidance.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 2.6
impact: 1.7
exploitability: 4.6
remediation: 7.7
relevance: 0.1
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.