Vulnerability Details CVE-2023-46854
Proxmox proxmox-widget-toolkit before 4.0.9, as used in multiple Proxmox products, allows XSS via the edit notes feature.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.3%
CVSS Severity
CVSS v3 Score 5.4
References
- https://git.proxmox.com/?p=proxmox-widget-toolkit.git%3Ba=commit%3Bh=1326f771b959e576d140da2249c8b5424da6c80d
- https://git.proxmox.com/?p=proxmox-widget-toolkit.git%3Ba=commit%3Bh=89699c6466cfd9cc3a81fbc926b62f122c33c23c
- https://pve.proxmox.com/wiki/Package_Repositories#sysadmin_test_repo
- https://git.proxmox.com/?p=proxmox-widget-toolkit.git%3Ba=commit%3Bh=1326f771b959e576d140da2249c8b5424da6c80d
- https://git.proxmox.com/?p=proxmox-widget-toolkit.git%3Ba=commit%3Bh=89699c6466cfd9cc3a81fbc926b62f122c33c23c
- https://pve.proxmox.com/wiki/Package_Repositories#sysadmin_test_repo
Products affected by CVE-2023-46854
-
cpe:2.3:a:proxmox:proxmox-widget-toolkit:*