28 matches found
EUVD-2024-55004
Malicious code in bioql PyPI...
EUVD-2024-54704
Malicious code in bioql PyPI...
EUVD-2024-54697
Malicious code in bioql PyPI...
CVE-2024-56915
A cross-site scripting XSS flaw has been discovered in netbox-community. An attacker who is able to populate the RSS feed may be able to inject javascript, which will be executed in the context of another user. Mitigation Mitigation for this issue is either not available or the currently availabl...
CVE-2024-56915
Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting XSS via the RSS feed widget...
CVE-2024-56915
Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting XSS via the RSS feed widget...
CVE-2024-56915
CVE-2024-56915 affects NetBox Community from version 4.1.7, vulnerable to Cross Site Scripting via the RSS feed widget. The issue is fixed in v4.2.2; upgrade to 4.2.2 to remediate. The available sources describe the vulnerability as an XSS in the RSS feed widget, with no public exploitation detai...
PT-2025-26975 · Unknown · Netbox Community
Name of the Vulnerable Software and Affected Versions: Netbox Community versions 4.1.7 through 4.2.1 Description: The issue is related to Cross Site Scripting XSS via the RSS feed widget. This allows for potential malicious script execution. Recommendations: For Netbox Community version 4.1.7,...
CVE-2024-56915
Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting XSS via the RSS feed widget...
CVE-2024-56915
Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting XSS via the RSS feed widget...
CVE-2024-56917
Netbox Community 4.1.7 is vulnerable to Cross Site Scripting XSS via the maintenance banner in maintenance mode...
CVE-2024-56917
Netbox Community 4.1.7 is vulnerable to Cross Site Scripting XSS via the maintenance banner in maintenance mode...
CVE-2024-56916
In Netbox Community 4.1.7, once authenticated, Configuration History Addis vulnerable to cross-site scripting XSS due to the current value field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a...
CVE-2024-56916
In Netbox Community 4.1.7, once authenticated, Configuration History Addis vulnerable to cross-site scripting XSS due to the current value field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a...
CVE-2024-56918
In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting XSS, which allows a privileged, authenticated attacker to exfiltrate user input from the login form...
CVE-2024-56918
In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting XSS, which allows a privileged, authenticated attacker to exfiltrate user input from the login form...
PT-2025-26758 · Unknown · Netbox Community
Name of the Vulnerable Software and Affected Versions: Netbox Community version 4.1.7 Description: The login page in Netbox Community is vulnerable to cross-site scripting XSS, allowing a privileged, authenticated attacker to exfiltrate user input from the login form. This issue enables the...
CVE-2024-56918
In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting XSS, which allows a privileged, authenticated attacker to exfiltrate user input from the login form...
CVE-2024-56918
In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting XSS, which allows a privileged, authenticated attacker to exfiltrate user input from the login form...
CVE-2024-56916
In Netbox Community 4.1.7, once authenticated, Configuration History Addis vulnerable to cross-site scripting XSS due to the current value field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a...