VMware vRealize Automation 6.x < 6.2.4 Unspecified Stored XSS (VMSA-2016-0003)
Low Nessus Plugin ID 90763
SynopsisA device management application running on the remote host is affected by a stored cross-site-scripting vulnerability.
DescriptionThe VMware vRealize Automation application running on the remote host is 6.x prior to 6.2.4. It is, therefore, affected by an unspecified stored cross-site scripting vulnerability due to improper validation of user-supplied input. A remote attacker can exploit this by convincing a user to follow a specially crafted request, resulting in the execution of arbitrary script code in a user's browser session.
SolutionUpgrade to VMware vRealize Automation version 6.2.4 or later.