483 matches found
CVE-2024-40728
NetBox v4.0.3 is affected by an XSS flaw in the /dcim/console-server-ports/{id}/edit/ Name field due to insufficient filtering/escaping of user input. Multiple sources (Red Hat, CNVD, OSV, NVD, CVE listings) confirm a cross-site scripting vulnerability that could allow an attacker to inject arbit...
CVE-2024-40729
NetBox v4.0.3 is affected by a cross-site scripting (XSS) vulnerability in the Name parameter of the /dcim/interfaces/add/ form. The vulnerability arises from insufficient filtering/escaping of user input, allowing an attacker to inject arbitrary HTML/JS into the page. Documents consistently iden...
CVE-2024-38972
NetBox vulnerability CVE-2024-38972 is an XSS issue in version 4.0.3. The root cause is lack of proper filtering/escaping of user-supplied data in the Name parameter at the /dcim/power-ports/add/ endpoint, allowing injection of arbitrary HTML/script code. Affected product: NetBox v4.0.3 (DCIM/IPA...
CVE-2024-40739
NetBox v4.0.3 contains a cross-site scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML/script via the Name parameter on the /dcim/power-feeds/add page. Root cause appears to be insufficient input filtering/escaping of user-supplied data in that location (as reported by...
CVE-2024-40741
NetBox v4.0.3 is affected by an XSS vulnerability via the circuit ID parameter in /circuits/circuits/{id}/edit/. The root cause is insufficient filtering/escaping of user-supplied data in that parameter, allowing injection of arbitrary HTML/script into the page. Impact is limited to client-side e...
CVE-2024-40734
A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/...
CVE-2024-40739
A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add...
CVE-2024-40739
A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add...
CVE-2024-40733
A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/id/edit/...
CVE-2024-40728
A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/id/edit/...
NetBox 安全漏洞
NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...
PT-2024-29020 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at "/circuits/circuits/id/edit/" API endpoint...
NetBox 安全漏洞
NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...
PT-2024-29016 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/console-ports/id/edit/". Recommendations: For netbox...
NetBox 安全漏洞
NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...
PT-2024-29019 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/power-feeds/id/edit/" API endpoint. Recommendations:...
CVE-2024-40738
Summary: CVE-2024-40738 is a cross-site scripting (XSS) vulnerability affecting NetBox v4.0.3. The issue arises from lack of proper filtering/escaping of user-supplied data in the Name parameter at the URL path /dcim/console-ports/{id}/edit/, allowing an attacker to inject arbitrary HTML/JS. Docu...
CVE-2024-40740
CVE-2024-40740 is an XSS vulnerability in NetBox v4.0.3. The issue arises from insufficient filtering/escaping of user-supplied data in the Name parameter of the /dcim/power-feeds/{id}/edit/ endpoint, allowing an attacker to inject arbitrary HTML/JS. Multiple connected sources confirm the affecte...
CVE-2024-40731
CVE-2024-40731 is an XSS vulnerability in NetBox v4.0.3. The issue arises from insufficient filtering/escaping of user-supplied data in the Name parameter of the endpoint /dcim/rear-ports/{id}/edit/, allowing injection of arbitrary HTML/JS in the affected web page. Several connected sources corro...
PT-2024-28299 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/power-ports/add/". Recommendations: For netbox versi...