exploitDog

CVE-2025-57540

Опубликовано: 09 сент. 2025

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment (PVE) 8.4. Authenticated users can inject JavaScript code that is later executed in the browsers of users who view the configuration page, enabling client-side attacks.

Ссылки

https://forum.proxmox.com/threads/proxmox-virtual-environment-security-advisories.149331/page-2#post-792010
Issue Tracking
Vendor Advisory
https://github.com/khankishiyev-j/bug-bounty/blob/main/proxmox-xss
Exploit
Third Party Advisory
https://www.youtube.com/watch?v=-wvkN-7oT5U
Broken Link
https://github.com/khankishiyev-j/bug-bounty/blob/main/proxmox-xss
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:proxmox:virtual_environment:8.4:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.0005

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

GHSA-2p4j-7hmq-hf5r

CVSS3: 5.4

github

5 месяцев назад

A stored cross-site scripting (XSS) vulnerability exists in the WebAuthn Relying Party field within the Datacenter configuration of Proxmox Virtual Environment (PVE) 8.4. Authenticated users can inject JavaScript code that is later executed in the browsers of users who view the configuration page, enabling client-side attacks.

EPSS

Процентиль: 16%

0.0005

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-79