Vulnerabilities > Netbox

DATE CVE VULNERABILITY TITLE RISK
2023-05-24 CVE-2023-33793 Cross-site Scripting vulnerability in Netbox 3.5.1
A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
network
low complexity
netbox CWE-79
5.4
2023-05-24 CVE-2023-33794 Cross-site Scripting vulnerability in Netbox 3.5.1
A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
network
low complexity
netbox CWE-79
5.4
2023-05-24 CVE-2023-33795 Cross-site Scripting vulnerability in Netbox 3.5.1
A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
network
low complexity
netbox CWE-79
5.4
2023-05-24 CVE-2023-33796 Unspecified vulnerability in Netbox 3.5.1
A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database.
network
low complexity
netbox
critical
9.1
2023-05-24 CVE-2023-33797 Cross-site Scripting vulnerability in Netbox 3.5.1
A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
network
low complexity
netbox CWE-79
5.4
2023-05-24 CVE-2023-33798 Cross-site Scripting vulnerability in Netbox 3.5.1
A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
network
low complexity
netbox CWE-79
5.4
2023-05-24 CVE-2023-33799 Cross-site Scripting vulnerability in Netbox 3.5.1
A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
network
low complexity
netbox CWE-79
5.4
2023-05-24 CVE-2023-33800 Cross-site Scripting vulnerability in Netbox 3.5.1
A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
network
low complexity
netbox CWE-79
5.4
2020-12-31 CVE-2019-25011 Cross-site Scripting vulnerability in Netbox
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments.
network
low complexity
netbox CWE-79
5.4