Vulnerabilities (CVE)

Filtered by vendor Netbox Project Subscribe
Filtered by product Netbox
Total 18 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-33796 1 Netbox Project 1 Netbox 2024-08-02 N/A 9.1 CRITICAL
** DISPUTED ** A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied.
CVE-2023-33786 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33790 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33787 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33785 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33795 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2019-25011 1 Netbox Project 1 Netbox 2024-02-02 3.5 LOW 5.4 MEDIUM
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments.
CVE-2023-33788 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33797 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33793 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33792 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33798 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33794 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33791 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33789 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-33800 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVE-2023-37625 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates.
CVE-2023-33799 1 Netbox Project 1 Netbox 2024-02-02 N/A 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.