14 matches found
CVE-2024-40741
A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/id/edit/...
NetBox Cross-Site Scripting Vulnerability (CNVD-2024-37578)
NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...
CVE-2024-40741
A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/id/edit/...
CVE-2024-40742
A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add...
CVE-2024-40742
A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add...
NetBox 安全漏洞
NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...
CVE-2024-40742
CVE-2024-40742 concerns a cross-site scripting (XSS) vulnerability in netbox v4.0.3. The issue arises from insufficient filtering/escaping of user-supplied data in the circuit ID parameter of the /circuits/circuits/add endpoint, allowing an attacker to inject arbitrary HTML/JS. The impact is that...
CVE-2024-40742
A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add...
CVE-2024-40741
A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/id/edit/...
CVE-2024-40742
A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add...
CVE-2024-40741
A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/id/edit/...
PT-2024-29021 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at the "/circuits/circuits/add" API endpoint...
CVE-2024-40741
NetBox v4.0.3 is affected by an XSS vulnerability via the circuit ID parameter in /circuits/circuits/{id}/edit/. The root cause is insufficient filtering/escaping of user-supplied data in that parameter, allowing injection of arbitrary HTML/script into the page. Impact is limited to client-side e...
PT-2024-29020 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at "/circuits/circuits/id/edit/" API endpoint...