CVE-2022-31358
Severity CVSS v4.0: Pending analysis
Type: CWE-79 Cross-Site Scripting (XSS)
Publication date: 14/12/2022
Last modified: 22/04/2025
Description
A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/.
Impact
Base Score 3.x: 9.00
Severity 3.x: CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:proxmox:virtual_environment:*:*:*:*:*:*:*:* | | 7.2-3 (excluding) |
References to Advisories, Solutions, and Tools
- http://proxmox.com
- https://git.proxmox.com/?p=pve-http-server.git%3Ba%3Dcommitdiff%3Bh%3D00661f1223b7c0afffa64e1d91f5e018b985f762
- https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-in-proxmox-ve--proxmox-mail-gateway/
- https://www.proxmox.com/en/



