CVE-2023-46854
5.4
CVSS:3.1/AC:L/AV:N/A:N/C:L/I:L/PR:L/S:C/UI:R
Summary
Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://git.proxmox.com/?p=proxmox-widget-toolkit.git%3Ba=commit%3Bh=89699c6466cfd9cc3a81fbc926b62f122c33c23c
- https://git.proxmox.com/?p=proxmox-widget-toolkit.git%3Ba=commit%3Bh=1326f771b959e576d140da2249c8b5424da6c80d
- https://pve.proxmox.com/wiki/Package_Repositories#sysadmin_test_repo
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://git.proxmox.com/?p=proxmox-widget-toolkit.git%3Ba=commit%3Bh=89699c6466cfd9cc3a81fbc926b62f122c33c23c
- https://git.proxmox.com/?p=proxmox-widget-toolkit.git%3Ba=commit%3Bh=1326f771b959e576d140da2249c8b5424da6c80d
- https://pve.proxmox.com/wiki/Package_Repositories#sysadmin_test_repo
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.