Shodan
Vulnerabilities
Vulnerable Software
Netbox:  >> Netbox  >> 3.5.1  Security Vulnerabilities
CVE-2023-33790
A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-05-24
CVE-2023-33791
A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-05-24
CVE-2023-33792
A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-05-24
CVE-2023-33793
A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-05-24
CVE-2023-33794
A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-05-24
CVE-2023-33795
A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-05-24
CVE-2023-33796
A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-05-24
CVE-2023-33797
A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-05-24
CVE-2023-33798
A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-05-24


Products
Pricing
Contact Us

Shodan ® - All rights reserved