
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

** DISPUTED ** A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <<h1 onload=alert(1)>>test</h1> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
• https://drive.google.com/file/d/1tcgyzu9Fh3AMG0INR0EdOR7ZjWmBK0ZR/view?usp=sharing
• https://vuldb.com/?ctiid.252191
• https://vuldb.com/?id.252191
• https://vuldb.com/?submit.270218
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 2

NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments.
• http://www.cinquino.eu/NetBox.htm
• https://github.com/netbox-community/netbox/issues/3471
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 6 | EXPL: 2

The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests.
• http://blip.tv/file/3414004
• http://osvdb.org/65757
• http://secunia.com/advisories/40374
• http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
• http://www.kb.cert.org/vuls/id/251133
• http://www.kb.cert.org/vuls/id/MAPG-83TQL8
• http://www.securityfocus.com/bid/41134
• http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2
• http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 | EPSS: 0% | CPEs: 5 | EXPL: 2

The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames.
• http://blip.tv/file/3414004
• http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
• http://www.kb.cert.org/vuls/id/228737
• http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2
• http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon
• https://exchange.xforce.ibmcloud.com/vulnerabilities/59826
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 10.0 | EPSS: 0% | CPEs: 5 | EXPL: 2

The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password.
• http://blip.tv/file/3414004
• http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
• http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2
• http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon
• https://exchange.xforce.ibmcloud.com/vulnerabilities/59827
• CWE-310: Cryptographic Issues