Lucene search
K

4 matches found

OSV
OSV
added 2 days ago4 views

PYSEC-2026-1688 Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages

Impact A Nautobot user with admin privileges can modify the BANNERTOP, BANNERBOTTOM, and BANNERLOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages or specifically on...

7.5CVSS5.9AI score0.00606EPSS
Exploits1References9
CVE
CVE
added 2025/12/17 10:44 p.m.11 views

CVE-2023-53931

Revive Adserver 5.4.1 is affected by a cross-site scripting (XSS) vulnerability in the banner-advanced.php endpoint. The issue arises from unsanitized input passed via the prepend and append parameters, enabling an attacker to inject and execute arbitrary JavaScript when an administrator views th...

6.1CVSS5.7AI score0.02256EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2025/12/17 10:44 p.m.22 views

CVE-2023-53931 Revive Adserver 5.4.1 Cross-Site Scripting via Banner Advanced Settings

Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute...

6.1CVSS0.02256EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/05/13 12:0 a.m.5 views

PT-2024-26121

Name of the Vulnerable Software and Affected Versions Nautobot versions prior to 1.6.22 Nautobot versions prior to 2.2.4 Description A Nautobot user with admin privileges can modify the BANNER TOP, BANNER BOTTOM, and BANNER LOGIN configuration settings via the "/admin/constance/config/" endpoint...

7.5CVSS7AI score0.00606EPSS
Exploits1References14
Rows per page
Query Builder