CVE-2025-22221

Medium CVSS: 5.2

VMware Aria Operation for Logs contains a stored cross-site scripting vulnerability. A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration.

Vendor

Vmware

Product

Aria Operations For Logs

CWE

CWE-79

Yayın Tarihi

2025-01-30 16:15:31

Güncelleme

2025-05-14 16:47:14

Source Identifier

security@vmware.com

KEV Date Added

Kategoriler

CWE-79 Aria Operations For Logs MEDIUM Vmware 2025

Referanslar

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25329

Benzer Kayıtlar

High

CVE-2026-22729

A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass…

High

CVE-2026-22730

A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metada…

Medium

CVE-2026-22721

VMware Aria Operations contains a privilege escalation vulnerability. A malicious actor with privileges in vCenter to ac…

High

CVE-2026-22720

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with privileges to create…

High

CVE-2026-22719

VMware Aria Operations contains a command injection vulnerability. A malicious unauthenticated actor may exploit this is…

High

CVE-2025-41244

VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with…