Lucene search
+L

64 matches found

Veracode
Veracode
added 2024/09/30 6:0 a.m.6 views

Cross-site Scripting (XSS)

NetBox is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper sanitization in the "Top banner" field within the "Configuration History" feature of the "Admin" panel, allowing an authenticated user to inject arbitrary JavaScript or HTML...

5.4CVSS5.8AI score0.00289EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2024/09/22 2:15 a.m.11 views

CVE-2024-47226

A stored cross-site scripting XSS vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties...

5.4CVSS0.00289EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/09/22 12:0 a.m.19 views

CVE-2024-47226

A stored cross-site scripting XSS vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties...

0.00289EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/09/22 12:0 a.m.10 views

CVE-2024-47226

A stored cross-site scripting XSS vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties...

5.2AI score0.00289EPSS
Exploits1References2
CVE
CVE
added 2024/09/22 12:0 a.m.64 views

CVE-2024-47226

NetBox 4.1.0 is affected by a stored XSS in the Admin panel’s Configuration History feature, via the /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the Top banner field. The issue’s validity is debated by third parties, arguing the banner is...

5.4CVSS5.2AI score0.00289EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2024/09/22 12:0 a.m.4 views

CVE-2024-47226

A stored cross-site scripting XSS vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties...

5.4CVSS5.4AI score0.00289EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/09/21 12:0 a.m.6 views

PT-2024-32485

Name of the Vulnerable Software and Affected Versions NetBox version 4.1.0 Description A stored cross-site scripting XSS issue exists within the "Configuration History" feature of the "Admin" panel via the "/core/config-revisions/" endpoint, specifically through the "Add" action. An authenticated...

5.4CVSS5.8AI score0.00289EPSS
Exploits1References11
Tenable Nessus
Tenable Nessus
added 2023/09/07 12:0 a.m.59 views

Jenkins plugins Multiple Vulnerabilities (2023-09-06)

According to their self-reported version numbers, the version of Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: - Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a histo...

8.8CVSS6.7AI score0.01855EPSS
Exploits0References20
Github Security Blog
Github Security Blog
added 2023/09/06 3:30 p.m.39 views

Path traversal in Jenkins Job Configuration History Plugin

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin...

4.3CVSS6.7AI score0.0076EPSS
Exploits0References4Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/06 3:30 p.m.28 views

XSS vulnerability in Jenkins Job Configuration History Plugin

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting XSS vulnerability...

5.4CVSS5.6AI score0.00432EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2023/09/06 3:30 p.m.22 views

GHSA-CGH7-RGQG-HRCX Path traversal allows exploiting XXE vulnerability in Jenkins Job Configuration History Plugin

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...

6.5CVSS6.5AI score0.00555EPSS
Exploits0References3
OSV
OSV
added 2023/09/06 3:30 p.m.33 views

GHSA-GHJW-FCF6-RPR9 Job Configuration History Plugin's path traversal allows exploiting XXE vulnerability

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.8CVSS8.6AI score0.0075EPSS
Exploits0References5
OSV
OSV
added 2023/09/06 1:15 p.m.4 views

CVE-2023-41933

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.8CVSS5.8AI score0.0075EPSS
Exploits0References2
NVD
NVD
added 2023/09/06 1:15 p.m.23 views

CVE-2023-41933

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not configure its XML parser to prevent XML external entity XXE attacks...

8.8CVSS8.7AI score0.0075EPSS
Exploits0References2
NVD
NVD
added 2023/09/06 1:15 p.m.27 views

CVE-2023-41931

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting XSS vulnerability...

5.4CVSS5.6AI score0.00432EPSS
Exploits0References2
NVD
NVD
added 2023/09/06 1:15 p.m.27 views

CVE-2023-41932

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...

6.5CVSS6.7AI score0.00555EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/09/06 12:8 p.m.18 views

CVE-2023-41932

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict 'timestamp' query parameters in multiple endpoints, allowing attackers with to delete attacker-specified directories on the Jenkins controller file system as long as they contain a file called 'history.xml'...

6.6AI score0.00555EPSS
Exploits0References2
CVE
CVE
added 2023/09/06 12:8 p.m.126 views

CVE-2023-41932

The CVE-2023-41932 entry affects Jenkins Job Configuration History Plugin 1227.v7a_79fc4dc01f and earlier. The root cause is that the plugin does not restrict the 'timestamp' query parameter across multiple endpoints, which can allow an attacker to delete attacker-specified directories on the Jen...

6.5CVSS6.3AI score0.00555EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/09/06 12:8 p.m.41 views

CVE-2023-41931

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not property sanitize or escape the timestamp value from history entries when rendering a history entry on the history view, resulting in a stored cross-site scripting XSS vulnerability...

5.8AI score0.00432EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/09/06 12:8 p.m.50 views

CVE-2023-41930

Jenkins Job Configuration History Plugin 1227.v7a79fc4dc01f and earlier does not restrict the 'name' query parameter when rendering a history entry, allowing attackers to have Jenkins render a manipulated configuration history that was not created by the plugin...

5.2AI score0.0076EPSS
Exploits0References2
Rows per page
Query Builder