64 matches found
Cross-site Scripting (XSS)
NetBox is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper sanitization in the "Top banner" field within the "Configuration History" feature of the "Admin" panel, allowing an authenticated user to inject arbitrary JavaScript or HTML...
CVE-2024-47226
A stored cross-site scripting XSS vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties...
CVE-2024-47226
A stored cross-site scripting XSS vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties...
CVE-2024-47226
A stored cross-site scripting XSS vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties...
CVE-2024-47226
NetBox 4.1.0 is affected by a stored XSS in the Admin panel’s Configuration History feature, via the /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the Top banner field. The issue’s validity is debated by third parties, arguing the banner is...
CVE-2024-47226
A stored cross-site scripting XSS vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties...
PT-2024-32485
Name of the Vulnerable Software and Affected Versions NetBox version 4.1.0 Description A stored cross-site scripting XSS issue exists within the "Configuration History" feature of the "Admin" panel via the "/core/config-revisions/" endpoint, specifically through the "Add" action. An authenticated...
Jenkins plugins Multiple Vulnerabilities (2023-09-06)
According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a histo...
Path traversal in Jenkins Job Configuration History Plugin
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin...
XSS vulnerability in Jenkins Job Configuration History Plugin
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting XSS vulnerability...
GHSA-CGH7-RGQG-HRCX Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...
GHSA-GHJW-FCF6-RPR9 Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-41933
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-41933
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity XXE attacks...
CVE-2023-41931
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting XSS vulnerability...
CVE-2023-41932
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...
CVE-2023-41932
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...
CVE-2023-41932
The CVE-2023-41932 entry affects Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier. The root cause is that the plugin does not restrict the 'timestamp' query parameter across multiple endpoints, which can allow an attacker to delete attacker-specified directories on the Jen...
CVE-2023-41931
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting XSS vulnerability...
CVE-2023-41930
Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin...