Volerion logoVolerion
Volerion logoVolerion

VMware Cloud Foundation Operations Stored Cross-Site Scripting Vulnerability

Vulnerability

Multiple stored cross-site scripting vulnerabilities have been identified in VMware Cloud Foundation Operations. A malicious actor with the ability to create policies, views, or text widgets could inject scripts to execute administrative actions within the application. These vulnerabilities are present in VMware Cloud Foundation 9.0.x.x, 9.1.x.x, and VMware Aria Operations versions 8.x.

Impact

Exploitation of these vulnerabilities allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Remediation

Users can upgrade to VMware Cloud Foundation 9.1.0.0 or 9.0.2.0 EP2. VMware Aria Operations users should upgrade to version 8.18.7 or 8.18.6. For VMware Cloud Foundation 5.x or VMware Telco Cloud Platform 5.x, consult the respective Broadcom knowledge articles.

Added: Jun 8, 2026, 9:24 AM
Updated: Jun 8, 2026, 9:24 AM

Vulnerability Rating

Custom Algorithm
spread
0.0
impact
5.4
exploitability
5.0
remediation
0.0
relevance
9.2
threat
0.0
urgency
2.9
incentive
0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.