The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this vulnerability by injecting Javascript, which might get executed when other users access the Host Client.
Conclusion & alert: CVE-2017-4940 is rated Moderate Risk (44.5/100): CVSS Medium severity, with medium exploitation likelihood (EPSS 0.91%). Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.15% | 0.91% | +0.76% |
| 2 | 2026-05-16 | 0.23% | 0.15% | -0.08% |
| 3 | 2025-03-30 | — | 0.23% | — |
Full EPSS history (9 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 6.1 | 3.1 | MEDIUM |
|
2.8 | 2.7 | [email protected] |
| 4.3 | 2.0 | MEDIUM |
|
8.6 | 2.9 | [email protected] |
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| vmware | esxi | 5.5 | cpe:2.3:o:vmware:esxi:5.5:-:*:*:*:*:*:* |
| vmware | esxi | 5.5 | cpe:2.3:o:vmware:esxi:5.5:1:*:*:*:*:*:* |
| vmware | esxi | 5.5 | cpe:2.3:o:vmware:esxi:5.5:2:*:*:*:*:*:* |
| vmware | esxi | 5.5 | cpe:2.3:o:vmware:esxi:5.5:3a:*:*:*:*:*:* |
| vmware | esxi | 5.5 | cpe:2.3:o:vmware:esxi:5.5:3b:*:*:*:*:*:* |
| vmware | esxi | 5.5 | cpe:2.3:o:vmware:esxi:5.5:550-20170901001s:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:-:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:1:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:1a:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:1b:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:2:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:3:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:3a:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201504401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201505401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507101:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507102:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507402:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507403:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507404:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507405:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507406:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201507407:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509101:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509102:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509201:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509202:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509203:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509204:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509205:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509206:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509207:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509208:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509209:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201509210:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201510401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201511401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201601101:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201601102:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201601401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201601402:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201601403:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201601404:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201601405:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201602401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603101:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603102:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603201:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603202:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603203:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603204:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603205:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603206:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603207:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201603208:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201605401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201608101:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201608401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201608402:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201608403:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201608404:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201608405:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201610410:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201611401:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201611402:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201611403:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702101:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702102:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702201:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702202:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702203:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702204:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702205:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702206:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702207:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702208:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702209:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702210:*:*:*:*:*:* |
| vmware | esxi | 6.0 | cpe:2.3:o:vmware:esxi:6.0:600-201702211:*:*:*:*:*:* |
| URL | Tags |
|---|---|
| http://www.securitytracker.com/id/1040024 | Third Party Advisory VDB Entry |
| https://www.vmware.com/security/advisories/VMSA-2017-0021.html | Vendor Advisory |