CVE-2022-31655
https://notcve.org/view.php?id=CVE-2022-31655
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in alerts. VMware vRealize Log Insight en versiones anteriores a la 8.8.2 contienen una vulnerabilidad de tipo cross-site scripting almacenado debido a una saneo de entrada inapropiado en las alertas • https://www.vmware.com/security/advisories/VMSA-2022-0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-31654
https://notcve.org/view.php?id=CVE-2022-31654
VMware vRealize Log Insight in versions prior to 8.8.2 contain a stored cross-site scripting vulnerability due to improper input sanitization in configurations. VMware vRealize Log Insight en versiones anteriores a 8.8.2, contienen una vulnerabilidad de tipo cross-site scriptings almacenado debido a un saneo de entrada inapropiado en las configuraciones • https://www.vmware.com/security/advisories/VMSA-2022-0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-22021
https://notcve.org/view.php?id=CVE-2021-22021
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link. VMware vRealize Log Insight (versiones 8.x anteriores a 8.4) contiene una vulnerabilidad de tipo Cross Site Scripting (XSS) debido a una comprobación inapropiada de la entrada del usuario. Un atacante con privilegios de usuario puede ser capaz de inyectar una carga útil maliciosa por medio de la interfaz de usuario de Log Insight que se ejecutaría cuando la víctima acceda al enlace del panel compartido. • https://www.vmware.com/security/advisories/VMSA-2021-0019.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-3953
https://notcve.org/view.php?id=CVE-2020-3953
Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. Hay una vulnerabilidad de tipo Cross Site Scripting (XSS) en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobación de entrada inapropiada. • https://www.vmware.com/security/advisories/VMSA-2020-0007.html • CWE-20: Improper Input Validation CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-3954
https://notcve.org/view.php?id=CVE-2020-3954
Open Redirect vulnerability exists in VMware vRealize Log Insight prior to 8.1.0 due to improper Input validation. Hay una vulnerabilidad de Redireccionamiento Abierto en VMware vRealize Log Insight versiones anteriores a 8.1.0, debido a una comprobación de entrada inapropiada. • https://www.vmware.com/security/advisories/VMSA-2020-0007.html • CWE-20: Improper Input Validation CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •