Vulnerabilities > Proxmox > Virtual Environment > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-12-14 | CVE-2022-31358 | Cross-site Scripting vulnerability in Proxmox Virtual Environment A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/. | 9.0 |
2022-12-04 | CVE-2022-35508 | Server-Side Request Forgery (SSRF) vulnerability in Proxmox products Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. | 9.8 |