Advisory ID : FrSIRT/ADV-2005-3084
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-12-24
A vulnerability has been identified in VMware ESX Server that attackers may exploit to inject malicious HTML code. The flaw is due to an input validation error in the VMware Management Interface, which does not properly validate certain parameters; this allows arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
Affected Products: VMware ESX Server 2.0.x, 2.1.x, 2.5.x
Solution: Apply the latest VMware patches
Sharing as an FYI for those using VMware for server consolidation and management.
VMware - Critical Security Update should be applied quickly