CVE-2025-57543
- EPSS 0.03%
- Published 16.03.2026 00:00:00
- Last modified 20.03.2026 13:56:20
Cross-site scripting (XSS) vulnerability in the NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress at...
CVE-2025-69848
- EPSS 0.02%
- Published 03.02.2026 00:00:00
- Last modified 11.02.2026 16:08:50
NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are in...
CVE-2024-56915
- EPSS 0.1%
- Published 26.06.2025 00:00:00
- Last modified 30.06.2025 14:44:36
NetBox Community v4.1.7 (fixed in v4.2.2) is vulnerable to cross-site scripting (XSS) via the RSS feed widget.
CVE-2024-56917
- EPSS 0.07%
- Published 24.06.2025 00:00:00
- Last modified 30.06.2025 14:44:01
NetBox Community 4.1.7 is vulnerable to cross-site scripting (XSS) via the maintenance banner in maintenance mode.
CVE-2024-56916
- EPSS 0.08%
- Published 24.06.2025 00:00:00
- Last modified 30.06.2025 14:43:46
In NetBox Community 4.1.7, once authenticated, `Configuration History > Add` is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user-supplied HTML. An authenticated attacker can leverage this to add malicious JavaScr...
CVE-2024-56918
- EPSS 0.1%
- Published 24.06.2025 00:00:00
- Last modified 30.06.2025 14:42:40
In NetBox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form.
CVE-2024-47226
- EPSS 0.1%
- Published 22.09.2024 02:15:02
- Last modified 30.06.2025 14:50:07
A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the ...
CVE-2024-40739
- EPSS 0.14%
- Published 09.07.2024 18:15:12
- Last modified 21.11.2024 09:31:33
A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add.
CVE-2024-40737
- EPSS 0.31%
- Published 09.07.2024 18:15:12
- Last modified 14.03.2025 15:15:41
A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add.
CVE-2024-40738
- EPSS 0.22%
- Published 09.07.2024 18:15:12
- Last modified 21.11.2024 09:31:32
A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/.