Vulnerability Description
A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Proxmox | Virtual Environment | < 7.2-3 |
References
- http://proxmox.com (Product)
- https://git.proxmox.com/?p=pve-http-server.git%3Ba=commitdiff%3Bh=00661f1223b7c0
- https://starlabs.sg/blog/2022/12-multiple-vulnerabilites-in-proxmox-ve--proxmox- (Exploit, Patch, Technical Description)
- https://www.proxmox.com/en/ (Product)
FAQ
What is CVE-2022-31358?
CVE-2022-31358 is a vulnerability with a CVSS score of 9.0 (CRITICAL). A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under pa...
How severe is CVE-2022-31358?
CVE-2022-31358 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-31358?
Check the references section above for vendor advisories and patch information. Affected products include: Proxmox Virtual Environment.