CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0948 – NetBox Home Page Configuration config-revisions cross site scripting
https://notcve.org/view.php?id=CVE-2024-0948
26 Jan 2024 — ** DISPUTED ** A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <<h1 onload=alert(1)>>test</h1> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1tcgyzu9Fh3AMG0INR0EdOR7ZjWmBK0ZR/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2019-25011
https://notcve.org/view.php?id=CVE-2019-25011
31 Dec 2020 — NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments. NetBox versiones hasta 2.6.2, permite a un usuario autenticado conducir un ataque de tipo XSS contra un administrador por medio de un campo renderizado por GFM, como es demostrado por unos comentarios de /dcim/sites/add/. • http://www.cinquino.eu/NetBox.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 3%CPEs: 6EXPL: 2CVE-2010-2465
https://notcve.org/view.php?id=CVE-2010-2465
25 Jun 2010 — The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests. S2 Security NetBox, probablemente v2.x v3.x, comoel usado en Linear eMerge 50 y 5000 y Sonitrol eAccess, almacena información sensible bajo la raíz web con insuficiente control de acceso, lo que p... • http://blip.tv/file/3414004 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 2CVE-2010-2468
https://notcve.org/view.php?id=CVE-2010-2468
25 Jun 2010 — The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password. El S2 Security NetBox v2.x v3.x, como el usado en Linear eMerge 50 y 5000 y Sonitrol eAccess, usa un algoritmo hash débil para almacenar la contraseña de Administrador, lo que hace fácil a atacantes dependientes de... • http://blip.tv/file/3414004 • CWE-310: Cryptographic Issues •
CVSS: 9.1EPSS: 1%CPEs: 6EXPL: 3CVE-2010-2467
https://notcve.org/view.php?id=CVE-2010-2467
25 Jun 2010 — The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests. S2 Security NetBox, possibly v.x y v3.x, como el usado en Linear eMerge 50 y 5000 y Sonitrol eAccess, no requiere configurar una clave para el servidor FTP que almacena backups de datos, lo que hace sencillo para ata... • http://blip.tv/file/3414004 • CWE-255: Credentials Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 5EXPL: 2CVE-2010-2466
https://notcve.org/view.php?id=CVE-2010-2466
25 Jun 2010 — The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames. S2 Security NetBox, probablemente v2.x v3.x, comoel usado en Linear eMerge 50 y 5000 y Sonitrol eAccess, no previene adecuadamente la descarga de datos backups, lo que permite a atacantes remotos obtener información ... • http://blip.tv/file/3414004 • CWE-264: Permissions, Privileges, and Access Controls •