- Description
- VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations.
- Source
- security@vmware.com
- NVD status
- Analyzed
- Products
- aria_operations, cloud_foundation, telco_cloud_platform
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-79
- Hype score
- Not currently trending
VMware VCF Operations の脆弱性 CVE-2026-41722/41723/41724 が FIX:深刻な蓄積型 XSS https://t.co/uNWnFOKPg9 VMware に存在する、脆弱性 CVE-2026-41722/CVE-2026-41723/CVE-2026-41724
@iototsecnews
15 Jun 2026
89 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
VMware Cloud Foundation Operationsに保存型XSSが可能な脆弱性(CVE-2026-41722、CVE-2026-41723、CVE-2026-41724) https://t.co/nrw8NPxwf9 #セキュリティ対策Lab #security #securitynews
@securityLab_jp
10 Jun 2026
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Broadcom disclosed three stored XSS vulnerabilities in VMware Cloud Foundation Operations and related products, CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724, rated CVSS 8.0 and enabling authenticated script injection, in advisory VMSA-2026-0004. https://t.co/4dGrVvJoJN
@threatcluster
8 Jun 2026
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Warning: 3 high cross-site scripting #XSS in #VMware Cloud Foundation Operations #CVE-2026-41722 #CVE-2026-41723 #CVE-2026-41724 CVSS: 8.0 A remote attacker with low privileges can exploit them to perform admin actions. #Patch #Patch #Patch
@CCBalert
8 Jun 2026
170 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
先日の 9.1 EP1 対応のものかと思ったら 9.1 含めたリリース済みのパッチで対応してたパターンか👀 VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724) h
@yuki_kawamitsu
8 Jun 2026
208 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
VMware Cloud Foundationに複数の蓄積型クロスサイトスクリプティングの脆弱性。CVE-2026-41722, CVE-2026-41723, CVE-2026-41724。修正版が提供されている。 https://t.co/sTgyWV70ym
@__kokumoto
8 Jun 2026
969 Impressions
1 Retweet
6 Likes
3 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:aria_operations:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9D15E98E-D17E-41F9-BDC1-2094AAD6B6AD",
"versionEndExcluding": "8.18.7",
"versionStartIncluding": "8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B445F6BB-4CFA-45DC-BD63-BDB6822BC288",
"versionEndExcluding": "8.18.7",
"versionStartIncluding": "5.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:telco_cloud_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "11C9044D-38B2-4FAF-A67B-52C26DBD8914",
"versionEndExcluding": "8.18.7",
"versionStartIncluding": "5.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]