PT-2022-20714 · Proxmox · Proxmox Virtual Environment

Cursered +1 · Published 2022-12-14 · Updated 2024-10-29 · CVE-2022-31358

CVSS v3.1: 9.0 Critical

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Proxmox Virtual Environment versions prior to 7.2-3

Description

A reflected cross-site scripting (XSS) issue allows remote attackers to execute arbitrary web scripts or HTML via non-existent endpoints under the path "/api2/html/". This enables attackers to potentially manipulate web content.

Recommendations

For versions prior to 7.2-3, update to version 7.2-3 or later to resolve the issue. As a temporary workaround, consider restricting access to non-existent endpoints under the "/api2/html/" path to minimize the risk of exploitation.
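
One way to check web access logs for requests of the kind described above, as an added example that is not part of the original advisory or of Proxmox code: it flags request targets under "/api2/html/" that contain HTML markup characters after percent-decoding. The log layout (Common Log Format), the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed Common Log Format request field: "METHOD target PROTOCOL" status
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
PREFIX = "/api2/html/"  # path named in the advisory
# Characters an API path has no need for but injected markup requires.
MARKUP_RE = re.compile(r'[<>"]')


def decode_fully(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def suspicious_requests(lines):
    """Return (line_number, decoded_target, status) for each flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line in the assumed format
        target = decode_fully(match.group("target"))
        if target.startswith(PREFIX) and MARKUP_RE.search(target):
            hits.append((number, target, int(match.group("status"))))
    return hits


# Constructed sample lines (not taken from a real system).
SAMPLE_LOG = [
    '192.0.2.10 - root@pam [14/12/2022:10:00:01 +0000] "GET /api2/html/nodes HTTP/1.1" 200 512',
    '198.51.100.7 - - [14/12/2022:10:00:05 +0000] "GET /api2/html/%3Cb%3Emarker%3C%2Fb%3E HTTP/1.1" 400 87',
    '198.51.100.7 - - [14/12/2022:10:00:09 +0000] "GET /api2/html/x%253Ci%253E HTTP/1.1" 400 87',
    '192.0.2.10 - root@pam [14/12/2022:10:00:12 +0000] "GET /api2/json/version HTTP/1.1" 200 140',
    '203.0.113.4 - - [14/12/2022:10:00:20 +0000] "GET /pve2/%3Cb%3E HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for number, target, status in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: status {status}: {target!r}")
```

Hits on hosts still running a version prior to 7.2-3 are the ones to review first; on updated hosts the same pattern is useful as a signal of probing.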

Exploit

Fix

RCE

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-31358

Affected Products

Proxmox Virtual Environment