VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration.
Metrics
Affected Vendors & Products
No data.
No data.
No data.
References
History
Thu, 13 Mar 2025 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-79 |
Wed, 12 Feb 2025 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 30 Jan 2025 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration. | |
| Title | VMware Aria Operations for Logs stored cross-site scripting vulnerability (CVE-2025-22221) | |
| References |
| |
| Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: vmware
Published: 2025-01-30T15:30:12.218Z
Updated: 2025-03-13T13:45:16.580Z
Reserved: 2025-01-02T04:29:30.444Z
Link: CVE-2025-22221
Vulnrichment
Updated: 2025-02-12T19:44:56.496Z
NVD
Status : Awaiting Analysis
Published: 2025-01-30T16:15:31.257
Modified: 2025-03-13T14:15:35.450
Link: CVE-2025-22221
Redhat
No data.