Vulnerabilities > Proxmox > Virtual Environment > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-12-14 CVE-2022-31358 Cross-site Scripting vulnerability in Proxmox Virtual Environment
A reflected cross-site scripting (XSS) vulnerability in Proxmox Virtual Environment prior to v7.2-3 allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under path /api2/html/.
network
low complexity
proxmox CWE-79
critical
9.0
2022-12-04 CVE-2022-35508 Server-Side Request Forgery (SSRF) vulnerability in Proxmox products
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon.
network
low complexity
proxmox CWE-918
critical
9.8