Netbox

Netbox

45 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2025-69848

  • EPSS 0.01%
  • Veröffentlicht 03.02.2026 00:00:00
  • Zuletzt bearbeitet 11.02.2026 16:08:50

NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are in...

6.5

CVE-2024-56915

Exploit
  • EPSS 0.06%
  • Veröffentlicht 26.06.2025 00:00:00
  • Zuletzt bearbeitet 30.06.2025 14:44:36

Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget.

7.1

CVE-2024-56917

Exploit
  • EPSS 0.04%
  • Veröffentlicht 24.06.2025 00:00:00
  • Zuletzt bearbeitet 30.06.2025 14:44:01

Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode.

6.1

CVE-2024-56916

Exploit
  • EPSS 0.04%
  • Veröffentlicht 24.06.2025 00:00:00
  • Zuletzt bearbeitet 30.06.2025 14:43:46

In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScr...

6.1

CVE-2024-56918

Exploit
  • EPSS 0.05%
  • Veröffentlicht 24.06.2025 00:00:00
  • Zuletzt bearbeitet 30.06.2025 14:42:40

In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form.

5.4

CVE-2024-47226

Exploit
  • EPSS 0.14%
  • Veröffentlicht 22.09.2024 02:15:02
  • Zuletzt bearbeitet 30.06.2025 14:50:07

A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the ...

6.1

CVE-2024-40738

Exploit
  • EPSS 0.22%
  • Veröffentlicht 09.07.2024 18:15:12
  • Zuletzt bearbeitet 21.11.2024 09:31:32

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/.

6.1

CVE-2024-40737

Exploit
  • EPSS 0.31%
  • Veröffentlicht 09.07.2024 18:15:12
  • Zuletzt bearbeitet 14.03.2025 15:15:41

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add.

6.1

CVE-2024-40739

Exploit
  • EPSS 0.14%
  • Veröffentlicht 09.07.2024 18:15:12
  • Zuletzt bearbeitet 21.11.2024 09:31:33

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add.

6.1

CVE-2024-40740

Exploit
  • EPSS 0.09%
  • Veröffentlicht 09.07.2024 18:15:12
  • Zuletzt bearbeitet 21.11.2024 09:31:33

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/.