Khankishiyev-J

Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment version 8.4 Description: A stored cross-site scripting (XSS) vulnerability exists in the HTTP Proxy field within the Datacenter configuration panel. This allows an authenticated user to inject malicious input that is stored and executed in the context of other users’ browsers when they view the affected configuration page, potentially leading to arbitrary JavaScript execution. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment versions 8.4 Description: A stored cross-site scripting (XSS) vulnerability exists in the U2F Origin field of the Datacenter configuration. Authenticated users can store malicious input which is rendered unsafely in the Web UI and executed when viewed by other users. This could potentially lead to session hijacking or other attacks. Recommendations: Update to a newer version that contains a fix for this issue. As a temporary workaround, sanitize user input for the U2F Origin field in the Datacenter configuration.

Name of the Vulnerable Software and Affected Versions: Proxmox Virtual Environment version 8.4 Description: A stored cross-site scripting (XSS) issue exists in the WebAuthn Relying Party field within the Datacenter configuration. Authenticated users can inject JavaScript code that is later executed in the browsers of users who view the configuration page, enabling client-side attacks. Recommendations: Update to a newer version that contains a fix for this issue.