Main Vulnerability Database Vulnerabilities #VU123148

#VU123148 Stored cross-site scripting in VMware Aria Operations (formerly vRealize Operations) - CVE-2026-22720

Published: February 24, 2026

Vulnerability identifier: #VU123148

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2026-22720

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
VMware Aria Operations (formerly vRealize Operations)

Software vendor:
VMware, Inc

Description

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user with privileges to create custom benchmarks can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Remediation

Install updates from vendor's website.

External links

https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947

#VU123148 Stored cross-site scripting in VMware Aria Operations (formerly vRealize Operations) - CVE-2026-22720

Description

Remediation

External links

Please verify you're human