Netbox: Security Vulnerabilities
A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which is public; queries for database objects would have been denied.
CVSS Score
9.1
EPSS Score
0.002
Published
2023-05-24
A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVSS Score
5.4
EPSS Score
0.002
Published
2023-05-24
A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-05-24
NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments.
CVSS Score
5.4
EPSS Score
0.004
Published
2020-12-31
Page 5