Netbox

Netbox

45 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.4

CVE-2023-33795

Exploit
  • EPSS 0.11%
  • Veröffentlicht 24.05.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:06:01

A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

9.1

CVE-2023-33796

Exploit
  • EPSS 0.28%
  • Veröffentlicht 24.05.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:06:01

A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for...

5.4

CVE-2023-33797

Exploit
  • EPSS 0.29%
  • Veröffentlicht 24.05.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:06:01

A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

5.4

CVE-2023-33798

Exploit
  • EPSS 0.1%
  • Veröffentlicht 24.05.2023 20:15:10
  • Zuletzt bearbeitet 21.11.2024 08:06:01

A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

5.4

CVE-2019-25011

Exploit
  • EPSS 0.53%
  • Veröffentlicht 31.12.2020 20:15:12
  • Zuletzt bearbeitet 21.11.2024 04:39:43

NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments.