VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.
References
Link | Resource |
---|---|
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
14 May 2025, 16:36
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199 - Vendor Advisory | |
First Time |
Vmware aria Operations
Vmware Vmware cloud Foundation |
|
CPE | cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:* cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:* |
06 Dec 2024, 20:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-79 | |
Summary |
|
26 Nov 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-11-26 12:15
Updated : 2025-05-14 16:36
NVD link : CVE-2024-38834
Mitre link : CVE-2024-38834
CVE.ORG link : CVE-2024-38834
JSON object : View
Products Affected
vmware
- cloud_foundation
- aria_operations
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')