Search Results (363261 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-40740 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/{id}/edit/.
CVE-2024-40739 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-feeds/add.
CVE-2024-40738 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-ports/{id}/edit/.
CVE-2024-40736 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add.
CVE-2024-40735 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/{id}/edit/.
CVE-2024-40734 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/add/.
CVE-2024-40733 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/front-ports/{id}/edit/.
CVE-2024-40732 1 Netbox 1 Netbox 2024-11-21 7.1 High
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/add/.
CVE-2024-40731 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/rear-ports/{id}/edit/.
CVE-2024-40730 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/{id}/edit/.
CVE-2024-40729 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/interfaces/add/.
CVE-2024-40728 1 Netbox 1 Netbox 2024-11-21 7.1 High
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/{id}/edit/.
CVE-2024-40727 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/console-server-ports/add/.
CVE-2024-40726 1 Netbox 1 Netbox 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/.
CVE-2024-40690 1 Ibm 1 Infosphere Information Server 2024-11-21 5.4 Medium
IBM InfoSphere Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 297720.
CVE-2024-40689 1 Ibm 2 Infosphere Information Server, Infosphere Information Server On Cloud 2024-11-21 6 Medium
IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719.
CVE-2024-40637 1 Getdbt 1 Dbt Core 2024-11-21 4.2 Medium
dbt enables data analysts and engineers to transform their data using the same practices that software engineers use to build applications. When a user installs a package in dbt, it has the ability to override macros, materializations, and other core components of dbt. This is by design, as it allows packages to extend and customize dbt's functionality. However, this also means that a malicious package could potentially override these components with harmful code. This issue has been fixed in versions 1.8.0, 1.6.14 and 1.7.14. Users are advised to upgrade. There are no kn own workarounds for this vulnerability. Users updating to either 1.6.14 or 1.7.14 will need to set `flags.require_explicit_package_overrides_for_builtin_materializations: False` in their configuration in `dbt_project.yml`.
CVE-2024-40617 1 Fujitsu 2 Network Edgiot Gw1500, Network Edgiot Gw1500 Firmware 2024-11-21 6.5 Medium
Path traversal vulnerability exists in FUJITSU Network Edgiot GW1500 (M2M-GW for FENICS). If a remote authenticated attacker with User Class privilege sends a specially crafted request to the affected product, access restricted files containing sensitive information may be accessed. As a result, Administrator Class privileges of the product may be hijacked.
CVE-2024-40601 1 Mediawiki 1 Mediawiki 2024-11-21 6.3 Medium
An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules.
CVE-2024-40600 1 Mediawiki 2 Mediawiki, Metrolook Skin 2024-11-21 6.1 Medium
An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries.