CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0948 – NetBox Home Page Configuration config-revisions cross site scripting
https://notcve.org/view.php?id=CVE-2024-0948
** DISPUTED ** A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <<h1 onload=alert(1)>>test</h1> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1tcgyzu9Fh3AMG0INR0EdOR7ZjWmBK0ZR/view?usp=sharing https://vuldb.com/?ctiid.252191 https://vuldb.com/?id.252191 https://vuldb.com/?submit.270218 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2019-25011
https://notcve.org/view.php?id=CVE-2019-25011
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments. NetBox versiones hasta 2.6.2, permite a un usuario autenticado conducir un ataque de tipo XSS contra un administrador por medio de un campo renderizado por GFM, como es demostrado por unos comentarios de /dcim/sites/add/. • http://www.cinquino.eu/NetBox.htm https://github.com/netbox-community/netbox/issues/3471 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 3CVE-2010-2467
https://notcve.org/view.php?id=CVE-2010-2467
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests. S2 Security NetBox, possibly v.x y v3.x, como el usado en Linear eMerge 50 y 5000 y Sonitrol eAccess, no requiere configurar una clave para el servidor FTP que almacena backups de datos, lo que hace sencillo para atacantes remotos descargar ficheros backup a través de peticiones FTP no especificadas. • http://blip.tv/file/3414004 http://www.darkreading.com/blog/archives/2010/04/attacking_door.html http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2 http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon https://exchange.xforce.ibmcloud.com/vulnerabilities/59828 • CWE-255: Credentials Management Errors •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 2CVE-2010-2468
https://notcve.org/view.php?id=CVE-2010-2468
The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier for context-dependent attackers to obtain privileged access by recovering the cleartext of this password. El S2 Security NetBox v2.x v3.x, como el usado en Linear eMerge 50 y 5000 y Sonitrol eAccess, usa un algoritmo hash débil para almacenar la contraseña de Administrador, lo que hace fácil a atacantes dependientes del contexto obtener privilegios de acceso para recuperando el texto limpio de esta contraseña. • http://blip.tv/file/3414004 http://www.darkreading.com/blog/archives/2010/04/attacking_door.html http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2 http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon https://exchange.xforce.ibmcloud.com/vulnerabilities/59827 • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 2CVE-2010-2466
https://notcve.org/view.php?id=CVE-2010-2466
The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to obtain sensitive information via requests for full_*.dar files with predictable filenames. S2 Security NetBox, probablemente v2.x v3.x, comoel usado en Linear eMerge 50 y 5000 y Sonitrol eAccess, no previene adecuadamente la descarga de datos backups, lo que permite a atacantes remotos obtener información sensible a través de peticiones para ficheros full_*.dar con nombres de ficheros predecibles. • http://blip.tv/file/3414004 http://www.darkreading.com/blog/archives/2010/04/attacking_door.html http://www.kb.cert.org/vuls/id/228737 http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2 http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon https://exchange.xforce.ibmcloud.com/vulnerabilities/59826 • CWE-264: Permissions, Privileges, and Access Controls •