NotCVE - vendor:"Netbox" product:"Netbox" version:"3.5.1"

Page 4 of 21 results (0.012 seconds)

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-33792

https://notcve.org/view.php?id=CVE-2023-33792

A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. • https://github.com/anhdq201/netbox/issues/10 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-33793

https://notcve.org/view.php?id=CVE-2023-33793

A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. • https://github.com/anhdq201/netbox/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-33797

https://notcve.org/view.php?id=CVE-2023-33797

A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. • https://github.com/anhdq201/netbox/issues/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

CVE-2023-33795

https://notcve.org/view.php?id=CVE-2023-33795

A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. • https://github.com/anhdq201/netbox/issues/15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 6EXPL: 2

CVE-2010-2465

https://notcve.org/view.php?id=CVE-2010-2465

The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests. S2 Security NetBox, probablemente v2.x v3.x, comoel usado en Linear eMerge 50 y 5000 y Sonitrol eAccess, almacena información sensible bajo la raíz web con insuficiente control de acceso, lo que permite a atacantes remotos descargar logs de nodo, fotografías de personas, y archivos backup a través de peticiones no especificadas. • http://blip.tv/file/3414004 http://osvdb.org/65757 http://secunia.com/advisories/40374 http://www.darkreading.com/blog/archives/2010/04/attacking_door.html http://www.kb.cert.org/vuls/id/251133 http://www.kb.cert.org/vuls/id/MAPG-83TQL8 http://www.securityfocus.com/bid/41134 http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2 http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot- • CWE-264: Permissions, Privileges, and Access Controls •

1 2 3 4 5