Unrated severityNVD Advisory· Published Mar 16, 2012· Updated Apr 29, 2026

CVE-2012-1512

Description

Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry.

Affected products

VMware/Vsphere2 versions
cpe:2.3:a:vmware:vsphere:*:update1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:vmware:vsphere:*:update1:*:*:*:*:*:*range: <=4.1
- cpe:2.3:a:vmware:vsphere:*:*:*:*:*:*:*:*range: <=5.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.vmware.com/security/advisories/VMSA-2012-0005.htmlnvdVendor Advisory
osvdb.org/80119nvd
secunia.com/advisories/48387nvd
www.securityfocus.com/bid/52525nvd
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/74093nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000