CVE-2024-40732

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/...

CVE-2024-40737

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add...

CVE-2024-40730

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/id/edit/...

CVE-2024-40727

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/...

CVE-2024-40742

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add...

CVE-2024-40731

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/id/edit/...

PT-2024-29014 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/power-outlets/add" endpoint. Recommendations: For...

PT-2024-29021 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at the "/circuits/circuits/add" API endpoint...

PT-2024-29006 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/interfaces/add/". Recommendations: For netbox versio...

CVE-2024-40741

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/id/edit/...

CVE-2024-40735

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/id/edit/...

CVE-2024-40736

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add...

CVE-2024-40736

NetBox v4.0.3 is affected by an XSS vulnerability in the /dcim/power-outlets/add endpoint where user-supplied data in the Name parameter can be used to inject arbitrary HTML/JS. The root cause is insufficient filtering/escaping of input in that field, enabling attacker-controlled payloads to exec...

CVE-2024-40735

CVE-2024-40735 : A cross-site scripting (XSS) vulnerability affects NetBox v4.0.3. The issue arises from lack of proper filtering/escaping of user-supplied data in the Name parameter of the page /dcim/power-outlets/{id}/edit/ , allowing an attacker to inject arbitrary HTML/JS. The CVSS v3.1 base ...

CVE-2024-40727

NetBox v4.0.3 contains an XSS vulnerability in the /dcim/console-server-ports/add/ endpoint. A crafted payload inserted into the Name parameter can execute arbitrary web scripts/HTML in the context of the affected page. Root cause: insufficient filtering/escaping of user-supplied data leading to ...

CVE-2024-40733

NetBox v4.0.3 is affected by a cross-site scripting (XSS) vulnerability that allows execution of arbitrary web scripts/HTML via a crafted payload injected into the Name field at /dcim/front-ports/{id}/edit/. The Red Hat entry and CNVD/CNNVD entries corroborate this issue. The Connected documents ...

PT-2024-29020 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at "/circuits/circuits/id/edit/" API endpoint...

NetBox 安全漏洞

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...

NetBox 安全漏洞

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...

CVE-2024-40733

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/id/edit/...