Medium severity6.1NVD Advisory· Published Dec 20, 2017· Updated May 13, 2026

CVE-2017-4940

Description

The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.

Affected products

VMware/Esxiv5
Range: 6.5 before ESXi650-201712103-SG

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securitytracker.com/id/1040024nvdThird Party AdvisoryVDB Entry
www.vmware.com/security/advisories/VMSA-2017-0021.htmlnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000