CVE-2024-40729

NetBox v4.0.3 is affected by a cross-site scripting (XSS) vulnerability in the Name parameter of the /dcim/interfaces/add/ form. The vulnerability arises from insufficient filtering/escaping of user input, allowing an attacker to inject arbitrary HTML/JS into the page. Documents consistently iden...

CVE-2024-40741

NetBox v4.0.3 is affected by an XSS vulnerability via the circuit ID parameter in /circuits/circuits/{id}/edit/. The root cause is insufficient filtering/escaping of user-supplied data in that parameter, allowing injection of arbitrary HTML/script into the page. Impact is limited to client-side e...

NetBox 安全漏洞

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...

CVE-2024-40739

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add...

CVE-2024-40733

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/id/edit/...

CVE-2024-40737

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add...

CVE-2024-40734

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/...

CVE-2024-40739

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add...

CVE-2024-40728

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/id/edit/...

CVE-2024-40728

NetBox v4.0.3 is affected by an XSS flaw in the /dcim/console-server-ports/{id}/edit/ Name field due to insufficient filtering/escaping of user input. Multiple sources (Red Hat, CNVD, OSV, NVD, CVE listings) confirm a cross-site scripting vulnerability that could allow an attacker to inject arbit...

CVE-2024-38972

NetBox vulnerability CVE-2024-38972 is an XSS issue in version 4.0.3. The root cause is lack of proper filtering/escaping of user-supplied data in the Name parameter at the /dcim/power-ports/add/ endpoint, allowing injection of arbitrary HTML/script code. Affected product: NetBox v4.0.3 (DCIM/IPA...

CVE-2024-40739

NetBox v4.0.3 contains a cross-site scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML/script via the Name parameter on the /dcim/power-feeds/add page. Root cause appears to be insufficient input filtering/escaping of user-supplied data in that location (as reported by...

PT-2024-29016 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/console-ports/id/edit/". Recommendations: For netbox...

PT-2024-29020 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at "/circuits/circuits/id/edit/" API endpoint...

NetBox 安全漏洞

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...

PT-2024-29010 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/rear-ports/add/". Recommendations: For netbox versio...

CVE-2024-40732

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/...

CVE-2024-38972

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/...

PT-2024-29019 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/power-feeds/id/edit/" API endpoint. Recommendations:...

PT-2024-28299 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/power-ports/add/". Recommendations: For netbox versi...