The host is installed with VMware vSphere Client 4.1 before Update 2 or 5.0 before Update 1 and is prone to a cross-site scripting vulnerability. A flaw is present in the application, which fails to handle a crafted log-file entry. Successful exploitation allows remote attackers to inject arbitrary web script or HTML.