Vulnerabilities > Infoblox > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2022-28975 Cross-site Scripting vulnerability in Infoblox Nios 8.5.2409296
A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field.
network
low complexity
infoblox CWE-79
5.4
2021-06-28 CVE-2020-15303 XML Entity Expansion vulnerability in Infoblox Nios
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564.
network
low complexity
infoblox CWE-776
4.0
2018-08-28 CVE-2018-6643 Cross-site Scripting vulnerability in Infoblox Netmri 7.1.1
Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter.
network
infoblox CWE-79
4.3
2017-01-23 CVE-2016-6484 CRLF Injection vulnerability in Infoblox Netmri
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.
network
infoblox CWE-93
4.3
2012-09-20 CVE-2011-5178 Cross-Site Scripting vulnerability in Infoblox Netmri
Multiple cross-site scripting (XSS) vulnerabilities in netmri/config/userAdmin/login.tdf in Infoblox NetMRI 6.0.2.42, 6.1.2, 6.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) eulaAccepted or (2) mode parameter.
network
infoblox CWE-79
4.3
2004-12-06 CVE-2004-0606 Unspecified vulnerability in Infoblox DNS ONE Appliance 2.4.0.8/2.4.0.8A
Cross-site scripting (XSS) vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the (1) CLIENTID or (2) HOSTNAME option of a DHCP request.
network
infoblox
6.8
2002-12-31 CVE-2002-2213 Remote Security vulnerability in BIND
The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.
network
low complexity
infoblox isc
5.0