
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

** DISPUTED ** A vulnerability classified as problematic has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <<h1 onload=alert(1)>>test</h1> leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

• https://drive.google.com/file/d/1tcgyzu9Fh3AMG0INR0EdOR7ZjWmBK0ZR/view?usp=sharing
• https://vuldb.com/?ctiid.252191
• https://vuldb.com/?id.252191
• https://vuldb.com/?submit.270218
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 2

A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates.

• https://github.com/benjaminpsinclair/Netbox-CVE-2023-37625
• https://github.com/benjaminpsinclair/Netbox-CVE
• https://github.com/netbox-community/netbox/issues/12205
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 5.0 | EPSS: 0% | CPEs: 6 | EXPL: 2

The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests.

• http://blip.tv/file/3414004
• http://osvdb.org/65757
• http://secunia.com/advisories/40374
• http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
• http://www.kb.cert.org/vuls/id/251133
• http://www.kb.cert.org/vuls/id/MAPG-83TQL8
• http://www.securityfocus.com/bid/41134
• http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2
• http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 | EPSS: 1% | CPEs: 6 | EXPL: 3

The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database backups, which makes it easier for remote attackers to download backup files via unspecified FTP requests.

• http://blip.tv/file/3414004
• http://www.darkreading.com/blog/archives/2010/04/attacking_door.html
• http://www.securityinfowatch.com/Executives+Columns+%2526+Features/1316527?pageNum=2
• http://www.slideshare.net/shawn_merdinger/we-dont-need-no-stinkin-badges-hacking-electronic-door-access-controllersquot-shawn-merdinger-carolinacon
• https://exchange.xforce.ibmcloud.com/vulnerabilities/59828
• CWE-255: Credentials Management Errors