CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31358
https://notcve.org/view.php?id=CVE-2022-31358
A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/. Una vulnerabilidad de cross site scripting (XSS) reflejado en Proxmox Virtual Environment anterior a v7.2-3 permite a atacantes remotos ejecutar scripts web o HTML de su elección a través de endpoints inexistentes en la ruta /api2/html/. • http://proxmox.com https://git.proxmox.com/?p=pve-http-server.git%3Ba=commitdiff%3Bh=00661f1223b7c0afffa64e1d91f5e018b985f762 https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-in-proxmox-ve--proxmox-mail-gateway https://www.proxmox.com/en • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4156
https://notcve.org/view.php?id=CVE-2014-4156
Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability Proxmox VE versiones anteriores a 3.2: Vulnerabilidad de Enumeración de Usuario de "AccessControl.pm". • http://www.openwall.com/lists/oss-security/2014/06/17/16 http://www.securityfocus.com/bid/68028 • CWE-203: Observable Discrepancy •