### [CVE-2022-31663](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31663)
![](https://img.shields.io/static/v1?label=Product&message=VMware%20Workspace%20ONE%20Access%2C%20Identity%20Manager%20and%20vRealize%20Automation&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=VMware%20Workspace%20ONE%20Access%2C%20Identity%20Manager%20and%20vRealize%20Automation%20contain%20a%20reflected%20cross-site%20scripting%20(XSS)%20vulnerability.&color=brighgreen)

### Description

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a reflected cross-site scripting (XSS) vulnerability. Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window.

### POC

#### Reference
- https://www.vmware.com/security/advisories/VMSA-2022-0021.html

#### Github
No PoCs found on GitHub currently.