[VIM] VMware vendor advisory page

Stuart Moore smoore at securityglobal.net
Thu Dec 29 02:04:40 EST 2005

The wording does sound like XSS because of the "in the browser" part.

VMware uses the same lousy knowledge base system as APC.  It doesn't 
make the date of the entry really obvious, but after looking at the 
URLs, I noticed there is a parameter in the URL called 'p_created' which 
has a UNIX timestamp value.  It doesn't look like it is the publish 
date, but maybe there is typically a delay between entry creation and 
publishing.  I'm not familiar with the KB system they use.


Steven M. Christey wrote:
> The thing that prompted me on this was this:
>   http://www.vmware.com/support/kb/enduser/std_adp.php?p_faqid=2001
> which FRSIRT:ADV-2005-3084 seems to think is XSS although it's not clear
> why.
> - Steve

More information about the VIM mailing list