Vulnerabilities > Proxmox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-28 | CVE-2023-46854 | Cross-site Scripting vulnerability in Proxmox Proxmox-Widget-Toolkit Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature. | 6.1 |
| 2020-01-27 | CVE-2014-4156 | Information Exposure Through Discrepancy vulnerability in Proxmox Virtual Environment Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability | 5.0 |
| 2017-05-03 | CVE-2015-9058 | Open Redirect vulnerability in Proxmox Mail Gateway Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the destination parameter. | 5.8 |
| 2017-05-03 | CVE-2015-9057 | Cross-site Scripting vulnerability in Proxmox Mail Gateway Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm. | 4.3 |
| 2014-03-14 | CVE-2014-2325 | Cross-Site Scripting vulnerability in Proxmox Mail Gateway Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/index.htm or (2) User email address to quarantine/spam/manage.htm. | 4.3 |