CVE-2022-31358

Опубликовано: 14 дек. 2022

Источник: nvd

CVSS3: 9

EPSS Низкий

Описание

A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/.

Ссылки

http://proxmox.com
Product
https://git.proxmox.com/?p=pve-http-server.git%3Ba=commitdiff%3Bh=00661f1223b7c0afffa64e1d91f5e018b985f762
https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-in-proxmox-ve--proxmox-mail-gateway/
Exploit
Patch
Technical Description
Third Party Advisory
https://www.proxmox.com/en/
Product
http://proxmox.com
Product
https://git.proxmox.com/?p=pve-http-server.git%3Ba=commitdiff%3Bh=00661f1223b7c0afffa64e1d91f5e018b985f762
https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-in-proxmox-ve--proxmox-mail-gateway/
Exploit
Patch
Technical Description
Third Party Advisory
https://www.proxmox.com/en/
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:proxmox:virtual_environment:*:*:*:*:*:*:*:*

Версия до 7.2-3 (исключая)

EPSS

Процентиль: 46%

0.00234

Низкий

9 Critical

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-rxvq-gr74-jvpj