Volerion logoVolerion
Volerion logoVolerion

VMware Aria Operations Stored Cross-Site Scripting Vulnerability

Vulnerability

A stored cross-site scripting vulnerability has been identified in VMware Aria Operations. This issue allows a malicious actor with the ability to create custom benchmarks to inject scripts that could execute administrative actions within the application. The vulnerability is present in VMware Aria Operations versions 8.x, as well as in VMware Cloud Foundation, VMware Telco Cloud Platform, and VMware Telco Cloud Infrastructure, all running versions 5.x or 4.x.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Remediation

To address this vulnerability, users should upgrade to VMware Aria Operations version 8.18.6, or to VMware Cloud Foundation 9.0.2.0. Instructions for downloading these versions are available in the respective release notes.

Added: Feb 26, 2026, 12:44 AM
Updated: Feb 26, 2026, 12:44 AM

Vulnerability Rating

Custom Algorithm
spread
5.0
impact
3.5
exploitability
4.6
remediation
7.7
relevance
3.2
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.