Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.
References
Link | Resource |
---|---|
https://git.proxmox.com/?p=proxmox-widget-toolkit.git%3Ba=commit%3Bh=1326f771b959e576d140da2249c8b5424da6c80d | Broken Link |
https://git.proxmox.com/?p=proxmox-widget-toolkit.git%3Ba=commit%3Bh=89699c6466cfd9cc3a81fbc926b62f122c33c23c | Broken Link |
https://pve.proxmox.com/wiki/Package_Repositories#sysadmin_test_repo | Patch, Release Notes, Vendor Advisory |
History
17 Nov 2023, 23:41
Type | Values Removed | Values Added |
---|---|---|
First Time | Proxmox proxmox-widget-toolkit | |
CPE | cpe:2.3:a:proxmox:proxmox-widget-toolkit:*:*:*:*:*:*:*:* |
08 Nov 2023, 02:06
Type | Values Removed | Values Added |
---|---|---|
References | () https://git.proxmox.com/?p=proxmox-widget-toolkit.git%3Ba=commit%3Bh=89699c6466cfd9cc3a81fbc926b62f122c33c23c - Broken Link | |
References | () https://git.proxmox.com/?p=proxmox-widget-toolkit.git%3Ba=commit%3Bh=1326f771b959e576d140da2249c8b5424da6c80d - Broken Link | |
References | (MISC) https://pve.proxmox.com/wiki/Package_Repositories#sysadmin_test_repo - Patch, Release Notes, Vendor Advisory | |
First Time | Proxmox, Proxmox proxmox | |
CPE | cpe:2.3:a:proxmox:proxmox:*:*:*:*:*:*:*:* | |
CWE | CWE-79 | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 6.1 |
07 Nov 2023, 04:21
Type | Values Removed | Values Added |
---|---|---|
References | | |
28 Oct 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-28 22:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-46854
Mitre link : CVE-2023-46854
CVE.ORG link : CVE-2023-46854
Products Affected
proxmox
- proxmox-widget-toolkit
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')