HTML injection risk in Description on PVE GUI

pghv

New Member
Mar 11, 2024
You can set arbitrary text in the description config entry of a VM and this will show up in the GUI's Notes field, via:

qm set 1000 --description "stuff"

I am using this for metadata on the VM, i.e.:
Code:
Stuff

stuff 2
<metadata>e2NpZGlza19oYXNoOiBjNDVhMzhjYWE0NDg3NTAzNmZmNmIxMTRjZWRhNTdlZDFhMjZjOWI1fQo=</metadata>


When I view the PVE GUI's Notes field, it is not HTML-encoded, so the source code of the actual page now has a <metadata> in the web page source code. This is a security vulnerability as a malicious admin could inject HTML code into admins' browsers.

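As an added illustration of the mitigation the post points at (example code, not Proxmox VE's own GUI code and not from the poster), a browser-side helper that HTML-escapes a VM description before inserting it into a Notes panel, shown beside the unescaped rendering, plus a check for auditing existing descriptions for markup. The sample description and its base64 placeholder are constructed.

```javascript
// Added example, not Proxmox VE code. Shows how a description string from a
// VM config should be escaped before it is inserted into an HTML notes panel,
// so tags in the description display as literal text instead of becoming
// DOM elements in the admin's browser.

// Every HTML-significant character mapped to its entity. A single-pass
// regex replace handles each character independently, so order does not matter.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Unescaped rendering, the behaviour the post describes: the description is
// concatenated straight into the page markup.
function renderNotesUnsafe(description) {
  return '<div class="notes">' + description + '</div>';
}

// Hardened rendering: the same description, escaped first. Newlines are turned
// into <br> after escaping so multi-line notes still display line by line.
function renderNotesSafe(description) {
  return '<div class="notes">' + escapeHtml(description).replace(/\n/g, '<br>') + '</div>';
}

// Audit helper: does a description contain something an HTML parser would
// treat as a tag? Useful for scanning descriptions already stored in VM configs.
function containsMarkup(description) {
  return /<\s*\/?[a-zA-Z][^>]*>/.test(description);
}

// Constructed sample, shaped like the description in the post; the base64
// payload is replaced by a placeholder.
const SAMPLE_DESCRIPTION = 'Stuff\n\nstuff 2\n<metadata>BASE64_PLACEHOLDER</metadata>';

if (typeof require !== 'undefined' && require.main === module) {
  console.log(renderNotesUnsafe(SAMPLE_DESCRIPTION)); // <metadata> lands in the DOM as an element
  console.log(renderNotesSafe(SAMPLE_DESCRIPTION));   // <metadata> shown as literal text
  console.log(containsMarkup(SAMPLE_DESCRIPTION));    // true: worth flagging in an audit
}
```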