Today VMware has released the following new and updated security advisories:
New
VMSA-2016-0006
Updated
VMSA-2015-0007.5
VMSA-2016-0005.1

The new advisory addresses an important cross-site scripting issue in the vSphere Web Client, CVE-2016-2078. The issue is present on the server side when vCenter Server is running on Windows.

Please sign up to the Security-Announce mailing list to receive new and updated VMware Security Advisories.

Customers should review the security advisories and direct any questions to VMware Support.