CVE-2024-38833: Stored cross-site scripting vulnerability (CVE-2024-38833)

6.8 CVSS

Description

VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations.

Classification

CVE ID: CVE-2024-38833

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.8

Affected Products

Vendor: VMware

Product: VMware Aria Operations

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.44% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25199

Timeline

2024-11-27 14:41:57 UTC
CVE

Stored cross-site scripting vulnerability (CVE-2024-38833)