Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2024-01-09	CVE-2022-28975	Cross-site Scripting vulnerability in Infoblox Nios 8.5.2409296 A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field. network low complexity infoblox CWE-79	5.4
2021-06-28	CVE-2020-15303	XML Entity Expansion vulnerability in Infoblox Nios Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564. network low complexity infoblox CWE-776	6.5
2019-06-17	CVE-2018-10239	Permissions, Privileges, and Access Controls vulnerability in Infoblox Nios A privilege escalation vulnerability in the "support access" feature on Infoblox NIOS 6.8 through 8.4.1 could allow a locally authenticated administrator to temporarily gain additional privileges on an affected device and perform actions within the super user scope. local low complexity infoblox CWE-264	6.7
2018-08-28	CVE-2018-6643	Cross-site Scripting vulnerability in Infoblox Netmri 7.1.1 Infoblox NetMRI 7.1.1 has Reflected Cross-Site Scripting via the /api/docs/index.php query parameter. network low complexity infoblox CWE-79	6.1
2017-01-23	CVE-2016-6484	CRLF Injection vulnerability in Infoblox Netmri CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf. network low complexity infoblox CWE-93	6.1