CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-43320 – Proxmox VE 7.4-1 TOTP Brute Force
https://notcve.org/view.php?id=CVE-2023-43320
An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component. Un problema en Proxmox Server Solutions GmbH Proxmox VE v.5.4 hasta v.8.0, Proxmox Backup Server v.1.1 hasta v.3.0 y Proxmox Mail Gateway v.7.1 hasta v.8.0 permite a un atacante autenticado remoto escalar privilegios evitando el Componente de autenticación de dos factores. Proxmox VE versions 5.4 through 7.4-1 suffer from a TOTP brute forcing vulnerability. • http://packetstormsecurity.com/files/176967/Proxmox-VE-7.4-1-TOTP-Brute-Force.html https://bugzilla.proxmox.com/show_bug.cgi?id=4579 https://bugzilla.proxmox.com/show_bug.cgi?id=4584 https://github.com/proxmox/proxmox-rs/commit/50b793db8d3421bbfe2bce060a486263f18a90cb •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 1CVE-2022-31358
https://notcve.org/view.php?id=CVE-2022-31358
A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/. Una vulnerabilidad de cross site scripting (XSS) reflejado en Proxmox Virtual Environment anterior a v7.2-3 permite a atacantes remotos ejecutar scripts web o HTML de su elección a través de endpoints inexistentes en la ruta /api2/html/. • http://proxmox.com https://git.proxmox.com/?p=pve-http-server.git%3Ba=commitdiff%3Bh=00661f1223b7c0afffa64e1d91f5e018b985f762 https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-in-proxmox-ve--proxmox-mail-gateway https://www.proxmox.com/en • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •