Nautobot is a Network Source of Truth and Network Automation Platform built as a web application on the Django Python framework with a PostgreSQL or MySQL database. Because user-provided query parameters were not properly handled and escaped, a maliciously crafted Nautobot URL could be used to execute a reflected cross-site scripting (reflected XSS) attack against any user who opens it. All filterable object-list views in Nautobot are affected. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3. There are no known workarounds for this vulnerability; upgrading is the only remediation.
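The following is an added illustration of the bug class described above, not Nautobot's own code: a hypothetical "active filters" widget on a filterable list view that reflects query-string values back into the page, shown first in the unescaped form and then with escaping applied, together with the reflection check a tester would run against a deployed instance. The widget, parameter names and payload are all constructed for the example. Note that Django templates autoescape variables by default, so this class of defect typically arises where a value is marked safe or where HTML is assembled in Python code rather than in a template; which of these applied in Nautobot is not stated on this page.

```python
from html import escape
from urllib.parse import parse_qsl, urlencode

# Constructed attacker payload placed in a filter parameter of the list view.
PAYLOAD = '"><script>alert(document.cookie)</script>'

# Constructed request: ?status=active&name=<payload>, URL-encoded as a browser would.
QUERY = urlencode({"status": "active", "name": PAYLOAD})


def render_filters_vulnerable(query_string: str) -> str:
    """Hypothetical widget that interpolates raw query parameters into HTML.

    This is the anti-pattern behind reflected XSS: the decoded parameter
    value lands in the markup byte-for-byte, so an attacker-controlled
    URL becomes attacker-controlled HTML for whoever follows the link.
    """
    parts = []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        parts.append(f'<span class="filter">{name}: {value}</span>')
    return "<div>" + "".join(parts) + "</div>"


def render_filters_hardened(query_string: str) -> str:
    """Same widget with every user-controlled string escaped for HTML.

    html.escape() converts <, >, & and (by default) quotes, so the value is
    safe both inside a text node and inside a double-quoted attribute.
    """
    parts = []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        parts.append(
            f'<span class="filter">{escape(name)}: {escape(value)}</span>'
        )
    return "<div>" + "".join(parts) + "</div>"


def reflects_unescaped(render, query_string: str, marker: str) -> bool:
    """Reflection check: True if the marker comes back verbatim.

    Against a live instance the same check is made by requesting the list
    view with the marker in a filter parameter and searching the response
    body; an escaped reflection (&lt;script&gt;) is the expected, safe result.
    """
    return marker in render(query_string)


if __name__ == "__main__":
    print("vulnerable reflects payload:",
          reflects_unescaped(render_filters_vulnerable, QUERY, PAYLOAD))
    print("hardened reflects payload:",
          reflects_unescaped(render_filters_hardened, QUERY, PAYLOAD))
    print(render_filters_hardened(QUERY))
```

The check function is deliberately independent of the renderer so the same marker-based test can be pointed at a real HTTP response: a patched instance of any list view should return the marker only in its escaped form.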
History

Tue, 26 Aug 2025 19:00:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Networktocode
                                      Networktocode nautobot
CPEs                                  cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:*
Vendors & Products                    Networktocode
                                      Networktocode nautobot

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-08-02T02:27:53.473Z

Reserved: 2024-04-22T15:14:59.166Z

Link: CVE-2024-32979

Vulnrichment

Updated: 2024-08-02T02:27:53.473Z

NVD

Status: Analyzed

Published: 2024-05-01T11:15:47.407

Modified: 2025-08-26T18:54:06.693

Link: CVE-2024-32979

Redhat

No data.

OpenCVE Enrichment

No data.