VMSA-2018-0009 documents the remediation of two issues: one important (DOM-based cross-site scripting vulnerability which may lead to the compromise of the vRA user’s workstation) and one moderate (missing renewal of session tokens vulnerability which may lead to the hijacking of a valid vRA user’s session).