CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-28975
https://notcve.org/view.php?id=CVE-2022-28975
A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field. Vulnerabilidad de Cross-Site Scripting (XSS) almacenado en Infoblox NIOS v8.5.2-409296 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectadp en el campo VLAN View Name. • http://infoblox.com https://piotrryciak.com/posts/xss-infoblox • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-37249
https://notcve.org/view.php?id=CVE-2023-37249
Infoblox NIOS through 8.5.1 has a faulty component that accepts malicious input without sanitization, resulting in shell access. • https://community.infoblox.com/t5/trending-kb-articles/nios-is-vulnerable-to-cve-2023-37249/ba-p/32190 https://infoblox.com • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •