Nautobot is a Network Source of Truth and Network Automation Platform built as a web application atop the Django Python framework with a PostgreSQL or MySQL database. It was discovered that due to improper handling and escaping of user-provided query parameters, a maliciously crafted Nautobot URL could potentially be used to execute a Reflected Cross-Site Scripting (Reflected XSS) attack against users. All filterable object-list views in Nautobot are vulnerable. This issue has been fixed in Nautobot versions 1.6.20 and 2.2.3. There are no known workarounds for this vulnerability.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Aug 2025 19:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Networktocode
Networktocode nautobot |
|
CPEs | cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:* | |
Vendors & Products |
Networktocode
Networktocode nautobot |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T02:27:53.473Z
Reserved: 2024-04-22T15:14:59.166Z
Link: CVE-2024-32979

Updated: 2024-08-02T02:27:53.473Z

Status : Analyzed
Published: 2024-05-01T11:15:47.407
Modified: 2025-08-26T18:54:06.693
Link: CVE-2024-32979

No data.

No data.