"Active mixed content over https" vulnerability reported on VMware Cloud Director

Article ID: 400614

Updated On:

Products

VMware Cloud Director

Issue/Introduction

Active content is a resource, such as a script or stylesheet, that runs in the context of your page and can alter the entire page. If an HTTPS page includes active content retrieved over regular, cleartext HTTP, the connection is only partially encrypted. The unencrypted content is accessible to sniffers.

Environment

VMware Cloud Director

Cause

The API documentation page in VMware Cloud Director (VCD) includes content such as scripts or stylesheets that is loaded over HTTP, even though the page itself uses HTTPS.

Resolution

  • Block traffic to URLs that contain developer.eng.vmware, as it is no longer valid and is inaccessible.
  • This reported vulnerability impacts only the VMware Cloud Director (VCD) API documentation page and does not affect the VCD product itself.
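
To confirm which resources trigger the finding, the following added example (not VMware code) scans a saved copy of an HTTPS page for scripts, stylesheets and other active sub-resources referenced over cleartext HTTP. The page URL, hosts and paths in the sample are constructed placeholders, and the function and class names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tag -> attribute through which the browser fetches active content.
ACTIVE_ATTRS = {"script": "src", "iframe": "src", "object": "data", "embed": "src"}

class MixedContentFinder(HTMLParser):
    """Collect active sub-resources that a page loads over cleartext HTTP."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = self.base_url = page_url
        self.findings = []  # (tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "base" and a.get("href"):
            self.base_url = urljoin(self.page_url, a["href"])
            return
        if tag == "link":
            # Stylesheets are active content; icons and similar links are not.
            is_css = "stylesheet" in a.get("rel", "").lower().split()
            ref = a.get("href") if is_css else None
        else:
            attr = ACTIVE_ATTRS.get(tag)
            ref = a.get(attr) if attr else None
        # Resolve relative and protocol-relative ("//host/x") references first.
        resolved = urljoin(self.base_url, ref) if ref else ""
        if urlparse(resolved).scheme == "http":
            self.findings.append((tag, resolved))

def find_active_mixed_content(page_url, html):
    if urlparse(page_url).scheme != "https":
        return []  # mixed content only applies to pages served over HTTPS
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample: hosts and paths are placeholders, not real VCD URLs.
SAMPLE_URL = "https://vcd.example.test/docs/index.html"
SAMPLE_HTML = """<html><head>
<link rel="stylesheet" href="http://developer.eng.vmware.invalid/css/doc.css">
<link rel="icon" href="http://static.example.test/favicon.ico">
<script src="http://developer.eng.vmware.invalid/js/doc.js"></script>
<script src="/js/local.js"></script><script src="//cdn.example.test/lib.js"></script>
</head><body><img src="http://static.example.test/logo.png"></body></html>"""

if __name__ == "__main__":
    for tag, url in find_active_mixed_content(SAMPLE_URL, SAMPLE_HTML):
        print(f"active mixed content: <{tag}> {url}")
```

The image and favicon are not reported because they are passive content, and the relative and protocol-relative scripts inherit HTTPS from the page.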