480 matches found
CVE-2023-33791
A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
NetBox Security Vulnerability
NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A security vulnerability exists in NetBox version v3.5.1, which stems from a vulnerability that allows an unauthenticated attacker to execute queries...
CVE-2023-33796
CVE-2023-33796 concerns NetBox v3.5.1, where unauthenticated attackers could issue queries against the GraphQL database and potentially access sensitive data. The core issue is described as a GraphQL access/permission gap that could expose data stored in the NetBox GraphQL layer; vendor disputes ...
PT-2023-24500 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1. Description: A stored cross-site scripting (XSS) issue exists in the Create Sites function, specifically at the /dcim/sites/ endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted paylo...
CVE-2023-33789
Summary: CVE-2023-33789 is a stored XSS vulnerability affecting NetBox 3.5.1, exploitable via the Name field in the Create Contact Groups endpoint at /tenancy/contact-groups/. The issue arises from the injection of crafted payloads that can execute scripts/HTML when rendered. Public sources consi...
PT-2023-24504 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1. Description: A stored cross-site scripting (XSS) issue exists in the Create Regions function, specifically at the /dcim/regions/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a craft...
PT-2023-24501 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1. Description: A stored cross-site scripting (XSS) issue exists in the Create Rack function, specifically at the /dcim/rack/ endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload...
PT-2023-24497 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1. Description: A stored cross-site scripting (XSS) issue exists in the Create Tenants function, specifically at the /tenancy/tenants/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a...
NetBox Cross-Site Scripting Vulnerability
NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A security vulnerability exists in NetBox version v3.5.1, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that allows...
NetBox Cross-Site Scripting Vulnerability
NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A security vulnerability exists in NetBox version v3.5.1, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that allows...
PT-2023-24494 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1. Description: A stored cross-site scripting (XSS) issue exists in the Create Provider Accounts function, specifically at the /circuits/provider-accounts/ API endpoint, allowing attackers to execute arbitrary web scripts or...
NetBox Cross-Site Scripting Vulnerability
NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A security vulnerability exists in NetBox version v3.5.1, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that allows...
NetBox Cross-Site Scripting Vulnerability
NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A security vulnerability exists in NetBox version v3.5.1, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that allows...
CVE-2023-33788
A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-33789
A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-33797
A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
PT-2023-24495 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1. Description: A stored cross-site scripting (XSS) issue exists in the Create Site Groups function, specifically at the /dcim/site-groups/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting...
CVE-2023-33796
A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; querie...
PT-2023-24499 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1. Description: A vulnerability allows unauthenticated attackers to execute queries against the GraphQL database, potentially granting them access to sensitive data stored in the database. However, the vendor disputes this,...
CVE-2023-33793
CVE-2023-33793 is a stored XSS affecting NetBox v3.5.1 in the Create Power Panels API at /dcim/power-panels/ via the Name field. Multiple sources corroborate the flaw; the NVD entry assigns CVSSv3.1 base score 5.4 (Medium) with network attack vector, low complexity, user interaction required. The...