CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40728
https://notcve.org/view.php?id=CVE-2024-40728
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/. Una vulnerabilidad de Cross Site Scripting (XSS) en netbox v4.0.3 permite a los atacantes ejecutar scripts web arbitrarios o HTML a través de un payload manipulado inyectado en el parámetro Name en /dcim/console-server-ports/{id}/edit/. • https://github.com/minhquan202/Vuln-Netbox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40726
https://notcve.org/view.php?id=CVE-2024-40726
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/. Una vulnerabilidad de Cross Site Scripting (XSS) en netbox v4.0.3 permite a los atacantes ejecutar scripts web arbitrarios o HTML a través de un payload manipulado inyectado en el parámetro Name en /dcim/power-ports/{id}/edit/. • https://github.com/minhquan202/Vuln-Netbox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-40735
https://notcve.org/view.php?id=CVE-2024-40735
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/. Una vulnerabilidad de Cross Site Scripting (XSS) en netbox v4.0.3 permite a los atacantes ejecutar scripts web o HTML de su elección a través de un payload manipulado inyectado en el parámetro Name en /dcim/power-outlets/{id}/edit/. • https://github.com/minhquan202/Vuln-Netbox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0948 – NetBox Home Page Configuration config-revisions cross site scripting
https://notcve.org/view.php?id=CVE-2024-0948
** DISPUTED ** A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <<h1 onload=alert(1)>>test</h1> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1tcgyzu9Fh3AMG0INR0EdOR7ZjWmBK0ZR/view?usp=sharing https://vuldb.com/?ctiid.252191 https://vuldb.com/?id.252191 https://vuldb.com/?submit.270218 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2023-36234
https://notcve.org/view.php?id=CVE-2023-36234
Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function. La vulnerabilidad de Cross Site Scripting (XSS) en Netbox 3.5.1 permite a los atacantes ejecutar código arbitrario a través del campo Name en funciones de dispositivo/función agregar. • https://github.com/gozan10/cve/issues/6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •