Vulnerability Details CVE-2020-3975
VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject malicious script which will be executed by a victim's browser when viewing.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.4%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2020-3975
-
cpe:2.3:a:vmware:app_volumes:2.0
-
cpe:2.3:a:vmware:app_volumes:2.10
-
cpe:2.3:a:vmware:app_volumes:2.11
-
cpe:2.3:a:vmware:app_volumes:2.12
-
cpe:2.3:a:vmware:app_volumes:2.12.1
-
cpe:2.3:a:vmware:app_volumes:2.13
-
cpe:2.3:a:vmware:app_volumes:2.13.3
-
cpe:2.3:a:vmware:app_volumes:2.14
-
cpe:2.3:a:vmware:app_volumes:2.15
-
cpe:2.3:a:vmware:app_volumes:2.16
-
cpe:2.3:a:vmware:app_volumes:2.17
-
cpe:2.3:a:vmware:app_volumes:2.18
-
cpe:2.3:a:vmware:app_volumes:2.18.2
-
cpe:2.3:a:vmware:app_volumes:2.18.4
-
cpe:2.3:a:vmware:app_volumes:2.9
-
cpe:2.3:a:vmware:app_volumes:4