Multiple VMware Stored XSS Vulnerabilities Allow Attackers to Inject Malicious Scripts

Broadcom has disclosed three stored cross-site scripting (XSS) vulnerabilities affecting VMware Cloud Foundation Operations and several related products, warning that authenticated attackers could inject malicious scripts to perform administrative actions within the environment. Tracked as CVE-2026-41722, CVE-2026-41723, and CVE-2026-41724, the flaws were addressed in security advisory VMSA-2026-0004, published on June 8, 2026. Each vulnerability carries […] The post Multiple VMware Stored XSS Vulnerabilities Allow Attackers to Inject Malicious Scripts appeared first on Cyber Security News.