CVE-2023-33793
https://notcve.org/view.php?id=CVE-2023-33793
A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. • https://github.com/anhdq201/netbox/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-33797
https://notcve.org/view.php?id=CVE-2023-33797
A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. • https://github.com/anhdq201/netbox/issues/12 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-33795
https://notcve.org/view.php?id=CVE-2023-33795
A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. • https://github.com/anhdq201/netbox/issues/15 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2019-25011
https://notcve.org/view.php?id=CVE-2019-25011
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments. NetBox versiones hasta 2.6.2, permite a un usuario autenticado conducir un ataque de tipo XSS contra un administrador por medio de un campo renderizado por GFM, como es demostrado por unos comentarios de /dcim/sites/add/. • http://www.cinquino.eu/NetBox.htm https://github.com/netbox-community/netbox/issues/3471 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •