Headline
CVE-2023-20868: VMSA-2023-0010
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. A remote attacker can inject HTML or JavaScript to redirect to malicious pages.
Advisory ID: VMSA-2023-0010
CVSSv3 Range: 4.3
Issue Date: 2023-05-23
Updated On: 2023-05-23 (Initial Advisory)
CVE(s): CVE-2023-20868
Synopsis: NSX-T update addresses cross-site scripting vulnerability (CVE-2023-20868)
****1. Impacted Products****
- NSX-T
****2. Introduction****
An XSS vulnerability in NSX-T was privately reported to VMware. Updates are available to address this vulnerability in affected VMware product.
****3. NSX-T reflected XSS vulnerability (CVE-2023-20868)****
NSX-T contains a reflected cross-site scripting vulnerability due to a lack of input validation. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.3.
A remote attacker can inject HTML or JavaScript to redirect to malicious pages
To remediate CVE-2023-20868 update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
VMware would like to thank Faisal Patel of Nationwide Building Society for reporting this issue to us.
Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation
NSX
4.x
Any
CVE-2023-20868
N/A
N/A
Unaffected
None
None
NSX-T
3.2.x
Any
CVE-2023-20868
4.3
moderate
3.2.3
None
None
NSX-T
3.1.x, 3.0.x
Any
CVE-2023-20868
N/A
N/A
Unaffected
None
None
Cloud Foundation (NSX-T)
4.5.x
Any
CVE-2023-20868
4.3
moderate
NSX-T 3.2.3
None
KB88287
Cloud Foundation (NSX-T)
4.4.x, 4.3.x
Any
CVE-2023-20868
N/A
N/A
Unaffected
None
None
****4. References****
****5. Change Log****
2023-05-23 VMSA-2023-0010
Initial security advisory.
****6. Contact****