VYPR

Vendor CVEs

Netbox Community

All CVEs

40 total · sorted by risk
  • CVE-2026-29514HigMay 4, 2026
    risk 0.50cvss 8.8epss 0.01

    NetBox versions 4.3.5 through 4.5.4 contain a remote code execution vulnerability in the RenderTemplateMixin.get_environment_params() method that allows authenticated users with exporttemplate or configtemplate permissions to execute arbitrary code by specifying malicious Python…

  • CVE-2025-69848Feb 3, 2026
    risk 0.00cvss epss 0.00

    NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages…

  • CVE-2024-56915Jun 26, 2025
    risk 0.00cvss epss 0.00

    Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget.

  • CVE-2024-56917Jun 24, 2025
    risk 0.00cvss epss 0.00

    Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode.

  • CVE-2024-56918Jun 24, 2025
    risk 0.00cvss epss 0.00

    In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form.

  • CVE-2024-56916Jun 24, 2025
    risk 0.00cvss epss 0.00

    In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field.…

  • CVE-2024-40726Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/.

  • CVE-2024-40727Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/.

  • CVE-2024-40740Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/.

  • CVE-2024-40742Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add.

  • CVE-2024-40732Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/.

  • CVE-2024-40739Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add.

  • CVE-2024-40728Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/.

  • CVE-2024-40737Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/add.

  • CVE-2024-40738Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/.

  • CVE-2024-40731Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/{id}/edit/.

  • CVE-2024-40730Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/{id}/edit/.

  • CVE-2024-40741Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/{id}/edit/.

  • CVE-2024-40734Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/.

  • CVE-2024-38972Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/add/.

  • CVE-2024-40729Jul 9, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/.

  • CVE-2023-36234Sep 20, 2023
    risk 0.00cvss epss 0.00

    Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function.

  • CVE-2023-34565Jun 14, 2023
    risk 0.00cvss epss 0.00

    Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function.

  • CVE-2023-33794May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Tenants (/tenancy/tenants/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2023-33798May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Rack (/dcim/rack/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2023-33789May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Contact Groups (/tenancy/contact-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2023-33790May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Locations (/dcim/locations/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2023-33800May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Regions (/dcim/regions/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2023-33785May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Rack Roles (/dcim/rack-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2023-33799May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Contacts (/tenancy/contacts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2023-33791May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2023-33786May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Circuit Types (/circuits/circuit-types/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2023-33796May 24, 2023
    risk 0.00cvss epss 0.01

    A vulnerability in Netbox v3.5.1 allows unauthenticated attackers to execute queries against the GraphQL database, granting them access to sensitive data stored in the database. NOTE: the vendor disputes this because the reporter's only query was for the schema of the API, which…

  • CVE-2023-33793May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Power Panels (/dcim/power-panels/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2023-33792May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Site Groups (/dcim/site-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2023-33797May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Sites (/dcim/sites/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2023-33788May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Providers (/circuits/providers/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2023-33787May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Tenant Groups (/tenancy/tenant-groups/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2023-33795May 24, 2023
    risk 0.00cvss epss 0.00

    A stored cross-site scripting (XSS) vulnerability in the Create Contact Roles (/tenancy/contact-roles/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

  • CVE-2019-25011Dec 31, 2020
    risk 0.00cvss epss 0.01

    NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments.