Vulnerability Details CVE-2021-22021
VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.1%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2021-22021
-
cpe:2.3:a:vmware:cloud_foundation:4.0
-
cpe:2.3:a:vmware:cloud_foundation:4.0.1
-
cpe:2.3:a:vmware:cloud_foundation:4.1
-
cpe:2.3:a:vmware:cloud_foundation:4.1.0.1
-
cpe:2.3:a:vmware:cloud_foundation:4.2
-
cpe:2.3:a:vmware:cloud_foundation:4.2.1
-
cpe:2.3:a:vmware:vrealize_log_insight:4.0
-
cpe:2.3:a:vmware:vrealize_log_insight:4.3
-
cpe:2.3:a:vmware:vrealize_log_insight:4.5
-
cpe:2.3:a:vmware:vrealize_log_insight:4.5.1
-
cpe:2.3:a:vmware:vrealize_log_insight:4.6
-
cpe:2.3:a:vmware:vrealize_log_insight:4.6.1
-
cpe:2.3:a:vmware:vrealize_log_insight:4.6.2
-
cpe:2.3:a:vmware:vrealize_log_insight:4.7
-
cpe:2.3:a:vmware:vrealize_log_insight:4.7.1
-
cpe:2.3:a:vmware:vrealize_log_insight:4.8
-
cpe:2.3:a:vmware:vrealize_log_insight:8.0.0
-
cpe:2.3:a:vmware:vrealize_log_insight:8.1.0