480 matches found
NetBox Cross-Site Scripting Vulnerability
NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A security vulnerability exists in NetBox version v3.5.1, which stems from a security issue in the Create Regions (/dcim/regions/) function, and can be...
CVE-2023-33800
CVE-2023-33800 is a stored XSS in NetBox v3.5.1 affecting the Create Regions endpoint (/dcim/regions/). The Name field can be injected to execute arbitrary scripts/HTML. Public sources consistently describe a stored XSS applicable to NetBox 3.5.1, with a CVSS v3.1 base score of 5.4 (Medium) and a...
PT-2023-24491 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1. Description: A stored cross-site scripting (XSS) issue exists in the Create Providers function, specifically at the /circuits/providers/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting...
CVE-2023-33795
A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-33785
A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
PT-2023-24488 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1. Description: A stored cross-site scripting (XSS) issue exists in the Create Rack Roles function, specifically at the /dcim/rack-roles/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a...
CVE-2023-33785
NetBox v3.5.1 is affected by a stored XSS in the Create Rack Roles endpoint (/dcim/rack-roles/). The vulnerability arises from injecting a crafted payload into the Name field, enabling execution of arbitrary web scripts/HTML. Connections documents confirm the issue description but do not provide ...
CVE-2023-33791
NetBox v3.5.1 contains a stored XSS vulnerability in the Create Provider Accounts endpoint (/circuits/provider-accounts/), exploitable by injecting a crafted payload into the Name field. The issue is confirmed across multiple sources (including Red Hat, OSV, NVD entries) and is described as allow...
CVE-2023-33790
NetBox v3.5.1 contains a stored XSS in the Create Locations (/dcim/locations/) Name field. The vulnerability allows an attacker to inject arbitrary web scripts/HTML, with impact limited to the user's session and potentially broader depending on context, as described across multiple feeds (including R...
CVE-2023-33799
NetBox 3.5.1 contains a stored XSS in the Create Contacts API at /tenancy/contacts/ triggered by crafting the Name field. Multiple sources (NVD/Red Hat/OSV/others) confirm the vulnerability description; no explicit patch/version fix is provided in the documents. Some sources (PT-2023-24502) recom...
CVE-2023-33800
A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
NetBox Cross-Site Scripting Vulnerability
NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A security vulnerability exists in NetBox version v3.5.1, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that allows...
CVE-2023-33787
The CVE-2023-33787 entry concerns a stored cross-site scripting (XSS) vulnerability in NetBox v3.5.1, specifically in the Create Tenant Groups API at /tenancy/tenant-groups/ where a crafted payload in the Name field can execute arbitrary web scripts/HTML. Affected component: the Create Tenant Gro...
NetBox Cross-Site Scripting Vulnerability
NetBox is an IP address management (IPAM) and data center infrastructure management (DCIM) tool. A cross-site scripting vulnerability exists in NetBox 2.6.2 and earlier versions. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via /dcim/sites/add/comments...
CVE-2019-25011
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments...
Code injection
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments...
CVE-2019-25011
NetBox
NetBox Cross-Site Scripting Vulnerability
NetBox is an IP address management (IPAM) and data center infrastructure management (DCIM) tool. A cross-site scripting vulnerability exists in NetBox 2.6.2 and earlier versions. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via /dcim/sites/add/comments...