Anhdq201

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Sites function, specifically at the /dcim/sites/ endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, as a temporary workaround, consider restricting access to the Create Sites function until a patch is available. Avoid using the `Name` field in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Circuit Types function, specifically at the /circuits/circuit-types/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, consider disabling the Create Circuit Types function at the /circuits/circuit-types/ API endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of arbitrary web script or HTML execution. Avoid using the `Name` field in the Create Circuit Types function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Provider Accounts function, specifically at the /circuits/provider-accounts/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, as a temporary workaround, consider restricting access to the Create Provider Accounts function at the /circuits/provider-accounts/ API endpoint until a patch is available. Avoid using the `Name` field in this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Contact Roles function, specifically at the /tenancy/contact-roles/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, consider disabling the Create Contact Roles function until a patch is available to prevent exploitation of the stored XSS issue. Restrict access to the /tenancy/contact-roles/ API endpoint to minimize the risk of arbitrary script execution. Avoid using the `Name` field in the Create Contact Roles function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Regions function, specifically at the /dcim/regions/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, as a temporary workaround, consider restricting access to the Create Regions function at the /dcim/regions/ API endpoint until a patch is available. Avoid using the `Name` field in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Providers function, specifically at the /circuits/providers/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, consider disabling the Create Providers function at the /circuits/providers/ API endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of arbitrary script execution. Avoid using the `Name` field in the Create Providers function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Tenant Groups function, specifically at the /tenancy/tenant-groups/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, consider disabling the Create Tenant Groups function until a patch is available to prevent exploitation of the stored XSS issue. Restrict access to the /tenancy/tenant-groups/ API endpoint to minimize the risk of arbitrary script execution. Avoid using the `Name` field in the Create Tenant Groups function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Locations function, specifically at the /dcim/locations/ endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, consider disabling the Create Locations function at the /dcim/locations/ endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of arbitrary script execution. Avoid using the `Name` field in the Create Locations function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Power Panels function, specifically at the /dcim/power-panels/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, consider disabling the Create Power Panels function until a patch is available to prevent exploitation. Restrict access to the /dcim/power-panels/ API endpoint to minimize the risk of arbitrary script execution. Avoid using the `Name` field in the affected function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Tenants function, specifically at the /tenancy/tenants/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, consider disabling the Create Tenants function until a patch is available to prevent exploitation of the stored XSS vulnerability. Restrict access to the /tenancy/tenants/ API endpoint to minimize the risk of arbitrary script execution. Avoid using the `Name` field in the Create Tenants function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Rack function, specifically at the /dcim/rack/ endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, consider disabling the Create Rack function until a patch is available to prevent exploitation of the stored XSS issue. Restrict access to the /dcim/rack/ endpoint to minimize the risk of arbitrary script execution. Avoid using the `Name` field in the Create Rack function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Contacts function, specifically at the /tenancy/contacts/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, consider disabling the Create Contacts function at the /tenancy/contacts/ API endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of arbitrary script execution. Avoid using the `Name` field in the Create Contacts function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Site Groups function, specifically at the /dcim/site-groups/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, consider disabling the Create Site Groups function at the /dcim/site-groups/ API endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of arbitrary script execution. Avoid using the `Name` field in the Create Site Groups function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Contact Groups function, specifically at the /tenancy/contact-groups/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, consider disabling the Create Contact Groups function at the /tenancy/contact-groups/ API endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of arbitrary script execution. Avoid using the `Name` field in the Create Contact Groups function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Netbox version 3.5.1 **Description** A stored cross-site scripting (XSS) issue exists in the Create Rack Roles function, specifically at the /dcim/rack-roles/ API endpoint, allowing attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the `Name` field. **Recommendations** For Netbox version 3.5.1, consider disabling the Create Rack Roles function at the /dcim/rack-roles/ API endpoint until a patch is available to prevent exploitation. Restrict access to this endpoint to minimize the risk of arbitrary script execution. Avoid using the `Name` field in the Create Rack Roles function until the issue is resolved.

**Nome do software vulnerável e versões afetadas** Rukovoditel versão 3.2.1 **Descrição** Foi encontrada uma vulnerabilidade de cross-site scripting (XSS) armazenada na função “Adicionar novo campo” em “/index.php?module=entities/fields&entities id=24”. Isso permite que invasores executem scripts da web ou HTML arbitrários por meio de uma carga maliciosa injetada no campo “Nome abreviado”. **Recomendações** Para o Rukovoditel versão 3.2.1, considere desativar a função “Adicionar novo campo” em “/index.php?module=entities/fields&entities id=24” até que uma correção esteja disponível. Restrinja o acesso ao campo `Nome abreviado` para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Rukovoditel versão 3.2.1 **Descrição** O problema está relacionado a uma vulnerabilidade de cross-site scripting (XSS) armazenada no recurso Entities Group em “/index.php?module=entities/entities groups”. Isso permite que invasores executem scripts da web ou HTML arbitrários por meio de uma carga maliciosa injetada no campo `Name` após clicar em “Adicionar”. **Recomendações** Para o Rukovoditel versão 3.2.1, considere desativar o recurso Entities Group em “/index.php?module=entities/entities groups” até que uma correção esteja disponível para impedir a exploração da vulnerabilidade XSS armazenada. Restrinja o acesso ao campo `Name` no recurso Entities Group para minimizar o risco de execução de scripts web ou HTML arbitrários.

**Nome do software vulnerável e versões afetadas** webtareas versão 2.4p5 **Descrição** Foi detectada uma vulnerabilidade de script entre sites (XSS) no componente /general/search.php?searchtype=simple. Isso permite que invasores executem scripts da web ou HTML arbitrários por meio de uma carga maliciosa injetada no campo `Search`. **Recomendações** Para a versão 2.4p5 do webtareas, como solução temporária, considere restringir o acesso ao endpoint /general/search.php?searchtype=simple até que um patch esteja disponível. Evite usar o campo `Search` no componente afetado até que a vulnerabilidade seja resolvida. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Rukovoditel versão 3.2.1 **Descrição** Foi detectada uma vulnerabilidade de tipo cross-site scripting (XSS) armazenada no recurso “Highlight Row” na URL “/index.php?module=entities/listing types&entities id=24”. Isso permite que invasores executem scripts da web ou HTML arbitrários por meio de uma carga maliciosa injetada no campo `Note` após clicar em “Adicionar”. **Recomendações** Para o Rukovoditel versão 3.2.1, como solução temporária, considere desativar o recurso “Destaque a linha” até que uma correção esteja disponível. Restrinja o acesso ao endpoint “/index.php?module=entities/listing types&entities id=24” para minimizar o risco de exploração. Evite usar o campo `Note` no recurso afetado até que o problema seja resolvido. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Rukovoditel versão 3.2.1 **Descrição** O problema está relacionado a uma vulnerabilidade de script entre sites (XSS) armazenada na função “Adicionar Página” em “/index.php?module=help pages/pages&entities id=24”. Isso permite que invasores executem scripts da web ou HTML arbitrários por meio de uma carga maliciosa injetada no campo `Title`. **Recomendações** Para o Rukovoditel versão 3.2.1, considere desativar a função “Adicionar Página” em “/index.php?module=help pages/pages&entities id=24” até que uma correção esteja disponível. Restrinja o acesso ao campo `Title` na função “Adicionar Página” para minimizar o risco de exploração. Evite usar o campo `Title` no endpoint da API afetado até que o problema seja resolvido. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.