📦 Netbox

A disputed vulnerability in Netbox v3.5.1 reportedly allows unauthenticated attackers to query the GraphQL database, potentially exposing sensitive data. The vendor disputes the severity, stating only...

A reflected cross-site scripting (XSS) vulnerability in NetBox allows attackers to inject malicious scripts into error messages when delete operations fail. This affects NetBox versions 2.11.0 through...

This vulnerability allows attackers to inject malicious scripts into Netbox's RSS feed widget, which are then executed in users' browsers when viewing the widget. It affects Netbox Community v4.1.7 in...

A stored XSS vulnerability exists in NetBox 4.1.0's configuration history feature where authenticated users can inject malicious JavaScript/HTML into the 'Top banner' field. This allows attackers to e...

A stored cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows authenticated attackers to inject malicious scripts into the Name parameter when adding console ports. This vulnerability affe...

This CVE describes a cross-site scripting (XSS) vulnerability in NetBox v4.0.3 where attackers can inject malicious scripts into the Name parameter when adding power feeds. This allows execution of ar...

This CVE describes a cross-site scripting (XSS) vulnerability in NetBox v4.0.3 that allows attackers to inject malicious scripts into the circuit ID parameter. When exploited, this enables execution o...

This CVE describes a cross-site scripting (XSS) vulnerability in NetBox v4.0.3 where attackers can inject malicious scripts into the Name parameter when adding console server ports. This allows execut...

This cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows attackers to inject malicious scripts into the Name parameter when adding interfaces, which could execute arbitrary code in victim...

This CVE describes a cross-site scripting (XSS) vulnerability in NetBox v4.0.3 that allows attackers to inject malicious scripts into the Name parameter when editing rear ports. This affects all NetBo...

This CVE describes a cross-site scripting (XSS) vulnerability in NetBox v4.0.3 that allows attackers to inject malicious scripts into the Name parameter when editing front ports. This affects any NetB...

A stored cross-site scripting (XSS) vulnerability in NetBox v4.0.3 allows authenticated attackers to inject malicious scripts into the Name parameter of power outlet edit forms. When other users view ...

This CVE describes a cross-site scripting (XSS) vulnerability in NetBox v4.0.3 that allows attackers to inject malicious scripts into the Name parameter when adding power ports. Attackers can execute ...