483 matches found
CVE-2023-33794
NetBox 3.5.1 is affected by a stored XSS vulnerability in the Create Tenants API (endpoint /tenancy/tenants/) where an attacker can inject arbitrary web scripts/HTML via the Name field. Multiple connected sources (NVD, Red Hat, OSV, CVE.org, CNNVD, etc.) confirm the issue as a stored XSS conditio...
NetBox 跨站脚本漏洞
NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A security vulnerability exists in NetBox version v3.5.1, which stems from a security issue in the Create Tenants /tenancy/tenants/ feature, and can b...
PT-2023-24497 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Tenants function, specifically at the /tenancy/tenants/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a...
CVE-2023-33792
A stored cross-site scripting XSS vulnerability in the Create Site Groups /dcim/site-groups/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
PT-2023-24495 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Site Groups function, specifically at the /dcim/site-groups/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting...
PT-2023-24494 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Provider Accounts function, specifically at the /circuits/provider-accounts/ API endpoint, allowing attackers to execute arbitrary web scripts or...
PT-2023-24504 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Regions function, specifically at the /dcim/regions/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a craft...
PT-2023-24500 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Sites function, specifically at the /dcim/sites/ endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted paylo...
PT-2023-24490 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Tenant Groups function, specifically at the /tenancy/tenant-groups/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by...
PT-2023-24502 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Contacts function, specifically at the /tenancy/contacts/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a...
PT-2023-24488 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Rack Roles function, specifically at the /dcim/rack-roles/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a...
PT-2023-24498 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Contact Roles function, specifically at the /tenancy/contact-roles/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by...
PT-2023-24496 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Power Panels function, specifically at the /dcim/power-panels/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecti...
PT-2023-24492 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Contact Groups function, specifically at the /tenancy/contact-groups/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by...
PT-2023-24501 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Rack function, specifically at the /dcim/rack/ endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload...
PT-2023-24491 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1 Description: A stored cross-site scripting XSS issue exists in the Create Providers function, specifically at the /circuits/providers/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting...
CVE-2023-33797
Summary: CVE-2023-33797 is a stored XSS vulnerability in NetBox v3.5.1 affecting the Create Sites endpoint (/dcim/sites/) where a crafted payload injected into the Name field can execute arbitrary scripts/HTML. Technical details in sources indicate NetBox 3.5.1 is affected; no explicit exploit co...
CVE-2023-33796
A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; querie...
CVE-2023-33786
A stored cross-site scripting XSS vulnerability in the Create Circuit Types /circuits/circuit-types/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...
CVE-2023-33794
A stored cross-site scripting XSS vulnerability in the Create Tenants /tenancy/tenants/ function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field...