CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-22944 – VMware Security Advisory 2022-0006
https://notcve.org/view.php?id=CVE-2022-22944
24 Feb 2022 — VMware Workspace ONE Boxer contains a stored cross-site scripting (XSS) vulnerability. Due to insufficient sanitization and validation, in VMware Workspace ONE Boxer calendar event descriptions, a malicious actor can inject script tags to execute arbitrary script within a user's window. VMware Workspace ONE Boxer contiene una vulnerabilidad de tipo cross-site scripting (XSS) almacenada. Debido a un saneamiento y comprobación insuficientes, en las descripciones de eventos de calendario de VMware Workspace ON... • https://www.vmware.com/security/advisories/VMSA-2022-0006.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.9EPSS: 0%CPEs: 12EXPL: 0CVE-2020-3940
https://notcve.org/view.php?id=CVE-2020-3940
17 Jan 2020 — VMware Workspace ONE SDK and dependent mobile application updates address sensitive information disclosure vulnerability. VMware Workspace ONE SDK y las actualizaciones de aplicaciones móviles dependientes abordan la vulnerabilidad de divulgación de información confidencial. • https://www.vmware.com/security/advisories/VMSA-2020-0001.html • CWE-295: Improper Certificate Validation •