The stored XSS flaws in vRealize only affect some versions, but could lead to the compromise of user workstations
VMware has patched two cross-site scripting issues this week in several editions of the company's vRealize software. The flaws reportedly could be exploited in stored XSS attacks and lead to remote code execution and the compromise of business workstations.
A VMware security advisory was posted on Tuesday, citing issues with Linux versions of VMware vRealize Automation 6.x prior to 6.2.4, and VMware vRealize Business Advanced and Enterprise 8.x prior to 8.2.5.
Linux users operating affected versions are urged to patch their environments as soon as possible to address the problem. According to the National Institute of Standards and Technology (NIST), the vulnerability could allow "remote authenticated users to inject arbitrary web script or HTML via unspecified vectors."