28 matches found
EUVD-2024-54704
Malicious code in bioql PyPI...
EUVD-2024-54697
Malicious code in bioql PyPI...
EUVD-2024-55004
Malicious code in bioql PyPI...
CVE-2024-56915
A cross-site scripting XSS flaw has been discovered in netbox-community. An attacker who is able to populate the RSS feed may be able to inject javascript, which will be executed in the context of another user. Mitigation Mitigation for this issue is either not available or the currently availabl...
CVE-2024-56915
Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting XSS via the RSS feed widget...
CVE-2024-56915
Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting XSS via the RSS feed widget...
CVE-2024-56915
CVE-2024-56915 affects NetBox Community from version 4.1.7, vulnerable to Cross Site Scripting via the RSS feed widget. The issue is fixed in v4.2.2; upgrade to 4.2.2 to remediate. The available sources describe the vulnerability as an XSS in the RSS feed widget, with no public exploitation detai...
CVE-2024-56915
Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting XSS via the RSS feed widget...
CVE-2024-56915
Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting XSS via the RSS feed widget...
PT-2025-26975 · Unknown · Netbox Community
Name of the Vulnerable Software and Affected Versions: Netbox Community versions 4.1.7 through 4.2.1 Description: The issue is related to Cross Site Scripting XSS via the RSS feed widget. This allows for potential malicious script execution. Recommendations: For Netbox Community version 4.1.7,...
CVE-2024-56917
Netbox Community 4.1.7 is vulnerable to Cross Site Scripting XSS via the maintenance banner in maintenance mode...
CVE-2024-56917
Netbox Community 4.1.7 is vulnerable to Cross Site Scripting XSS via the maintenance banner in maintenance mode...
CVE-2024-56916
In Netbox Community 4.1.7, once authenticated, Configuration History Addis vulnerable to cross-site scripting XSS due to the current value field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a...
CVE-2024-56916
In Netbox Community 4.1.7, once authenticated, Configuration History Addis vulnerable to cross-site scripting XSS due to the current value field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a...
CVE-2024-56918
In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting XSS, which allows a privileged, authenticated attacker to exfiltrate user input from the login form...
CVE-2024-56918
In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting XSS, which allows a privileged, authenticated attacker to exfiltrate user input from the login form...
CVE-2024-56916
In Netbox Community 4.1.7, once authenticated, Configuration History Addis vulnerable to cross-site scripting XSS due to the current value field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a...
CVE-2024-56916
In Netbox Community 4.1.7, once authenticated, Configuration History Addis vulnerable to cross-site scripting XSS due to the current value field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a...
CVE-2024-56917
Netbox Community 4.1.7 is vulnerable to Cross Site Scripting XSS via the maintenance banner in maintenance mode...
CVE-2024-56916
CVE-2024-56916 (NetBox Community 4.1.7) is a cross-site scripting (XSS) vulnerability in the Configuration History > Add feature, caused by the current value field rendering user-supplied HTML. An authenticated attacker can inject malicious JavaScript into the banner field, and the payload tri...