VMware vCenter Server 6.5.x < 6.5u1 H5 Client Stored XSS (VMSA-2017-0015)
Medium Nessus Plugin ID 103377
SynopsisA virtualization management application installed on the remote host is affected by a stored cross-site scripting vulnerability.
DescriptionThe version of VMware vCenter Server installed on the remote host is 6.5.x prior to 6.5u1. It is, therefore, affected by a user-input validation error related to the 'H5 Client' that allows stored cross-site scripting (XSS) attacks.
SolutionUpgrade to VMware vCenter Server version 6.5.0u1 (6.5.0 build-5973321) or later. Alternatively, apply the vendor-supplied workaround.