Vulnerabilities > Netbox

DATE CVE VULNERABILITY TITLE RISK
2024-07-09 CVE-2024-40735 Cross-site Scripting vulnerability in Netbox 4.0.3
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/.
network
low complexity
netbox CWE-79
6.1
2024-07-09 CVE-2024-40736 Cross-site Scripting vulnerability in Netbox 4.0.3
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add.
network
low complexity
netbox CWE-79
6.1
2024-07-09 CVE-2024-40737 Cross-site Scripting vulnerability in Netbox 4.0.3
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add.
network
low complexity
netbox CWE-79
6.1
2024-07-09 CVE-2024-40738 Cross-site Scripting vulnerability in Netbox 4.0.3
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/.
network
low complexity
netbox CWE-79
6.1
2024-07-09 CVE-2024-40739 Cross-site Scripting vulnerability in Netbox 4.0.3
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add.
network
low complexity
netbox CWE-79
6.1
2024-07-09 CVE-2024-40740 Cross-site Scripting vulnerability in Netbox 4.0.3
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/.
network
low complexity
netbox CWE-79
6.1
2024-07-09 CVE-2024-40741 Cross-site Scripting vulnerability in Netbox 4.0.3
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/{id}/edit/.
network
low complexity
netbox CWE-79
6.1
2024-07-09 CVE-2024-40742 Cross-site Scripting vulnerability in Netbox 4.0.3
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add.
network
low complexity
netbox CWE-79
6.1
2024-01-26 CVE-2024-0948 Cross-site Scripting vulnerability in Netbox
** DISPUTED ** A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0.
network
low complexity
netbox CWE-79
6.1
2023-09-20 CVE-2023-36234 Cross-site Scripting vulnerability in Netbox 3.5.1
Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function.
network
low complexity
netbox CWE-79
5.4