52 matches found

RedhatCVE
added 2026/05/15 12:34 p.m. | 7 views

CVE-2026-29514

A flaw was found in NetBox. Authenticated users with exporttemplate or configtemplate permissions can exploit a vulnerability in the RenderTemplateMixin.get_environment_params method. By specifying malicious Python code in the environment_params field, attackers can bypass security protections and...

8.8 CVSS | 6.5 AI score | 0.00067 EPSS
Exploits 0 | References 2
CNNVD
added 2026/05/04 12:0 a.m. | 3 views

NetBox security vulnerability

NetBox is a tool developed by the NetBox community, based on Django and PostgreSQL, for IP address management (IPAM) and data center infrastructure management (DCIM). There were security vulnerabilities in versions 4.3.5 to 4.5.4 of NetBox. These vulnerabilities stemmed from remote code execution in...

8.8 CVSS | 6.7 AI score | 0.00067 EPSS
Exploits 0 | References 1
OSV
added 2026/03/16 4:16 p.m. | 3 views

CVE-2025-57543

Cross-site scripting (XSS) vulnerability in the NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts...

6.1 CVSS | 6 AI score
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-38602

Malicious code in bioql PyPI...

6.1 CVSS | 6.4 AI score | 0.00313 EPSS
Exploits 1 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2024-16727

Malicious code in bioql PyPI...

6.1 CVSS | 4.2 AI score | 0.00131 EPSS
Exploits 1 | References 4
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-42320

Malicious code in bioql PyPI...

5.4 CVSS | 6.5 AI score | 0.001 EPSS
Exploits 1 | References 2
RedhatCVE
added 2025/06/24 6:26 p.m. | 3 views

CVE-2024-56916

A cross-site scripting flaw was found in NetBox. An attacker with an authenticated account on the system can add malicious JavaScript code to a banner field and potentially execute this code in the context of another user's session. Mitigation: Mitigation for this issue is either not available or...

6.1 CVSS | 6.4 AI score | 0.00223 EPSS
Exploits 1 | References 2
RedhatCVE
added 2025/06/24 5:15 p.m. | 2 views

CVE-2024-56918

A cross-site scripting flaw was found in NetBox. This flaw allows an attacker with an account on the system to exfiltrate user data from the login form. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteri...

6.1 CVSS | 6.6 AI score | 0.00279 EPSS
Exploits 1 | References 2
RedhatCVE
added 2025/05/23 7:32 a.m. | 5 views

CVE-2024-40739

A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add...

6.1 CVSS | 5.9 AI score | 0.00142 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 7:32 a.m. | 3 views

CVE-2024-40740

A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/id/edit/...

7.1 CVSS | 5.9 AI score | 0.00092 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 7:32 a.m. | 2 views

CVE-2024-40735

A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/id/edit/...

6.1 CVSS | 5.9 AI score | 0.00313 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 7:32 a.m. | 6 views

CVE-2024-40737

A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add...

6.1 CVSS | 5.9 AI score | 0.00313 EPSS
Exploits 1
RedhatCVE
added 2025/05/23 7:32 a.m. | 7 views

CVE-2024-40730

A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/id/edit/...

6.1 CVSS | 5.9 AI score | 0.00398 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 7:31 a.m. | 3 views

CVE-2024-40734

A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/...

6.1 CVSS | 5.9 AI score | 0.00398 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 7:31 a.m. | 2 views

CVE-2024-40732

A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/...

7.1 CVSS | 5.9 AI score | 0.00282 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 7:26 a.m. | 3 views

CVE-2024-0948

DISPUTED: A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input test leads to cross site scripting. The atta...

6.1 CVSS | 6 AI score | 0.00131 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 6:44 a.m. | 5 views

CVE-2024-40726

A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/id/edit/...

6.1 CVSS | 5.9 AI score | 0.00142 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 6:44 a.m. | 7 views

CVE-2024-40731

A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/id/edit/...

6.1 CVSS | 5.9 AI score | 0.00313 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 6:44 a.m. | 4 views

CVE-2024-40738

A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/id/edit/...

7.1 CVSS | 5.9 AI score | 0.00221 EPSS
Exploits 1 | References 1
RedhatCVE
added 2025/05/23 6:43 a.m. | 6 views

CVE-2024-40741

A cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/id/edit/...

7.1 CVSS | 5.9 AI score | 0.00101 EPSS
Exploits 1 | References 1