This script is Copyright (C) 2010-2017 Tenable Network Security, Inc.
The remote web server has a cross-site scripting vulnerability.
The version of VMware vCenter Update Manager running on the remote
host has a cross-site scripting vulnerability. This is due to a bug
in Jetty, the underlying web server. When Jetty displays a directory
listing, arbitrary text can be inserted into the page.
A remote attacker could exploit this by tricking a user into making a
maliciously crafted request, resulting in the execution of arbitrary
It is likely this version of Update Manager also has a directory
traversal vulnerability, though Nessus did not check for that issue.
See also :
Apply the update referenced in VMware's advisory.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true