{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-10T22:22:13.599","vulnerabilities":[{"cve":{"id":"CVE-2021-22021","sourceIdentifier":"security@vmware.com","published":"2021-08-30T19:15:08.457","lastModified":"2024-11-21T05:49:27.277","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link."},{"lang":"es","value":"VMware vRealize Log Insight (versiones 8.x anteriores a 8.4) contiene una vulnerabilidad de tipo Cross Site Scripting (XSS) debido a una comprobación inapropiada de la entrada del usuario. Un atacante con privilegios de usuario puede ser capaz de inyectar una carga útil maliciosa por medio de la interfaz de usuario de Log Insight que se ejecutaría cuando la víctima acceda al enlace del panel compartido."}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","baseScore":5.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":2.3,"impactScore":2.7}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:S/C:N/I:P/A:N","baseScore":3.5,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"LOW","exploitabilityScore":6.8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-79"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndExcluding":"4.3","matchCriteriaId":"722CF000-C0A1-4704-BDC6-3446D1530F3B"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0","versionEndIncluding":"4.8","matchCriteriaId":"F651BAC0-AA2B-4448-95AB-B37815BC2F1A"},{"vulnerable":true,"criteria":"cpe:2.3:a:vmware:vrealize_log_insight:*:*:*:*:*:*:*:*","versionStartIncluding":"8.0.0","versionEndExcluding":"8.4","matchCriteriaId":"6583A319-9261-4891-92AE-A0F429FF0A0D"}]}]}],"references":[{"url":"https://www.vmware.com/security/advisories/VMSA-2021-0019.html","source":"security@vmware.com","tags":["Patch","Vendor Advisory"]},{"url":"https://www.vmware.com/security/advisories/VMSA-2021-0019.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"]}]}}]}