Vulnerabilities > Infoblox > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-01-09 CVE-2022-28975 Cross-site Scripting vulnerability in Infoblox Nios 8.5.2409296
A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field.
network
low complexity
infoblox CWE-79
5.4
2021-06-28 CVE-2020-15303 XML Entity Expansion vulnerability in Infoblox Nios
Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564.
network
low complexity
infoblox CWE-776
6.5
2019-06-17 CVE-2018-10239 Permissions, Privileges, and Access Controls vulnerability in Infoblox Nios
A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope.
local
low complexity
infoblox CWE-264
6.7
2018-08-28 CVE-2018-6643 Cross-site Scripting vulnerability in Infoblox Netmri 7.1.1
Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter.
network
low complexity
infoblox CWE-79
6.1
2017-01-23 CVE-2016-6484 CRLF Injection vulnerability in Infoblox Netmri
CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.
network
low complexity
infoblox CWE-93
6.1