4 matches found
PYSEC-2026-1688 Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
Impact A Nautobot user with admin privileges can modify the BANNERTOP, BANNERBOTTOM, and BANNERLOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages or specifically on...
CVE-2023-53931
Revive Adserver 5.4.1 is affected by a cross-site scripting (XSS) vulnerability in the banner-advanced.php endpoint. The issue arises from unsanitized input passed via the prepend and append parameters, enabling an attacker to inject and execute arbitrary JavaScript when an administrator views th...
CVE-2023-53931 Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...
PT-2024-26121
Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 1.6.22 Nautobot versions prior to 2.2.4 Description A Nautobot user with admin privileges can modify the BANNER TOP, BANNER BOTTOM, and BANNER LOGIN configuration settings via the "/admin/constance/config/" endpoint...