Vulnerabilities > Netbox > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-09 | CVE-2024-40735 | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/. | 6.1 |
| 2024-07-09 | CVE-2024-40736 | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add. | 6.1 |
| 2024-07-09 | CVE-2024-40737 | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add. | 6.1 |
| 2024-07-09 | CVE-2024-40738 | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/. | 6.1 |
| 2024-07-09 | CVE-2024-40739 | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add. | 6.1 |
| 2024-07-09 | CVE-2024-40740 | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/. | 6.1 |
| 2024-07-09 | CVE-2024-40741 | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/{id}/edit/. | 6.1 |
| 2024-07-09 | CVE-2024-40742 | Cross-site Scripting vulnerability in Netbox 4.0.3 A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add. | 6.1 |
| 2024-01-26 | CVE-2024-0948 | Cross-site Scripting vulnerability in Netbox ** DISPUTED ** A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. | 6.1 |
| 2023-09-20 | CVE-2023-36234 | Cross-site Scripting vulnerability in Netbox 3.5.1 Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function. | 5.4 |