VYPR

netbox

by Anhdq201

CVEs (2)

  • CVE-2023-33796CriMay 24, 2023
    risk 0.59cvss 9.1epss 0.01

    A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which…

  • CVE-2023-33800MedMay 24, 2023
    risk 0.35cvss 5.4epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.