Lucene search
K
ProxmoxVirtual Environment

8 matches found

CVE
CVE
added 2022/12/14 12:0 a.m.204 views

CVE-2022-31358

CVE-2022-31358 is a reflected XSS in Proxmox Virtual Environment before v7.2-3. The issue allows remote attackers to execute arbitrary web scripts/HTML by accessing non-existent endpoints under /api2/html/. Affected software: Proxmox VE versions prior to 7.2-3. Root cause/impact: reflected XSS wi...

9CVSS7.8AI score0.01273EPSS
CVE
CVE
added 2022/12/04 12:0 a.m.115 views

CVE-2022-35508

Proxmox CVE-2022-35508 enables SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon, exploitable by an unprivileged user to disclose server files. In Proxmox Mail Gateway, there is also a privilege escalation route to root@pam if backup artifacts were used, because pmg-backup...

9.8CVSS9.2AI score0.01175EPSS
CVE
CVE
added 2023/09/27 12:0 a.m.97 views

CVE-2023-43320

Affected products and versions: Proxmox VE 5.4–8.0, Proxmox Backup Server 1.1–3.0, and Proxmox Mail Gateway 7.1–8.0. Vulnerability: remote authenticated attacker can escalate privileges by bypassing the two‑factor authentication component. Root cause/impact: authentication bypass enabling privile...

8.8CVSS8.6AI score0.0099EPSS
Web
CVE
CVE
added 2022/12/04 12:0 a.m.95 views

CVE-2022-35507

Proxmox VE/PMG web interfaces are affected by a response-header CRLF injection in pve-http-server. An attacker can cause a client-side DoS by injecting CRLF into response headers to set cookies longer than the server expects, notably affecting Chromium-based browsers using %0d. Affected versions ...

7.1CVSS6.8AI score0.0138EPSS
CVE
CVE
added 2020/01/27 2:13 p.m.90 views

CVE-2014-4156

Proxmox VE prior to 3.2 has a User Enumeration vulnerability in AccessControl.pm . The issue is described across sources (NVD, RH, CVE registries) as a vulnerability affecting Proxmox VE before version 3.2, named “AccessControl.pm User Enumeration Vulnerability.” Public references note a moderate...

5.3CVSS5.2AI score0.012EPSS
CVE
CVE
added 2025/09/09 12:0 a.m.30 views

CVE-2025-57539

Vulnerability summary (CVE-2025-57539) : Proxmox Virtual Environment 8.4 is affected by a stored XSS in the U2F Origin field of the Datacenter configuration. Authenticated users can store input that is rendered unsafely in the Web UI and executed when viewed by others, potentially enabling sessio...

5.4CVSS5.1AI score0.00267EPSS
CVE
CVE
added 2025/09/09 12:0 a.m.21 views

CVE-2025-57538

The CVE-2025-57538 entry describes a stored XSS flaw in Proxmox Virtual Environment (PVE) 8.4, lodged in the HTTP Proxy field of the Datacenter configuration panel. An authenticated user can inject input that is stored and later executes in other users’ browsers when viewing the affected page, en...

5.4CVSS5.3AI score0.00308EPSS
CVE
CVE
added 2025/09/09 12:0 a.m.19 views

CVE-2025-57540

CVE-2025-57540 describes a stored cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment (PVE) 8.4, specifically in the WebAuthn Relying Party field of the Datacenter configuration. The issue allows authenticated users to inject JavaScript that runs in the browsers of others who ...

5.4CVSS5.3AI score0.00267EPSS