Severity by source
AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:H
Lifecycle Timeline
3DescriptionCVE.org
VMware NSX Manager UI is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper input validation.
AnalysisAI
VMware NSX Manager UI is vulnerable to stored cross-site scripting (XSS) attacks via improper input validation in user-controllable fields (CWE-79). An authenticated attacker with high privileges can inject malicious scripts that persist in the application and execute in the browsers of other users, potentially leading to session hijacking, credential theft, or unauthorized administrative actions. With a CVSS score of 7.5 and network-accessible attack vector, this vulnerability poses a moderate-to-high risk to NSX Manager deployments, particularly in multi-user environments.
Technical ContextAI
The vulnerability exists in the VMware NSX Manager web UI tier, which processes user input without adequate sanitization or encoding before storing and rendering it in HTML responses. This classic stored XSS vulnerability (CWE-79: Improper Neutralization of Input During Web Page Generation) occurs when application fields accept user input, store it in backend data stores (databases, configuration files), and subsequently render that content to other authenticated users without proper HTML entity encoding or Content Security Policy (CSP) protections. The affected technology stack likely includes NSX Manager's REST API and web UI components built on Java/Spring frameworks common to VMware infrastructure products. CPE context would identify affected NSX Manager versions (typically CPE:2.3:a:vmware:nsx:*:*:*:*:manager:*:*:*), with specific version ranges requiring identification from vendor advisories.
RemediationAI
Immediate actions: (1) Apply vendor-supplied security patches for NSX Manager UI component to patched versions (specific versions to be identified from VMware VMSA advisory). (2) If patching is not immediately possible, implement network segmentation to restrict NSX Manager UI access to trusted administrative networks only, reducing exposure to untrusted users. (3) Deploy Web Application Firewall (WAF) rules to detect/block injection payloads in common XSS attack vectors (script tags, event handlers, SVG payloads). (4) Enable and enforce Content Security Policy (CSP) headers in NSX Manager responses to prevent inline script execution. (5) Conduct administrative audit logs to identify if stored XSS has been exploited (search for malicious script injections in configuration audit trails). (6) Reset sessions/credentials for administrative accounts that may have been compromised via XSS attacks. Vendor patch availability and download links should be obtained from VMware's official security advisory pages; do not rely on third-party sources.
More in Telco Cloud Platform
View allVMware ESXi and Workstation contain a TOCTOU race condition leading to out-of-bounds write, allowing local administrator
VMware ESXi contains an arbitrary write vulnerability that allows privileged VMX process users to trigger kernel writes,
VMware Aria Operations contains a command injection vulnerability (CVE-2026-22719, CVSS 8.1) that allows unauthenticated
VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability via HGFS out-of-bounds read, allowi
VMware Aria automation contains a DOM based Cross-Site Scripting (XSS) vulnerability. Rated high severity (CVSS 8.2), th
Stored XSS in VMware Aria Operations allows authenticated users with benchmark creation privileges to inject malicious s
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the gateway firewall due to improper input vali
Privilege escalation in VMware Aria Operations allows authenticated users with vCenter access to escalate their privileg
VMware NSX contains a stored Cross-Site Scripting (XSS) vulnerability in the router port due to improper input validatio
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2025-16910