Nautobot is a Network Source of Truth and Network Automation Platform. A Nautobot user with admin privileges can modify the `BANNER_TOP`, `BANNER_BOTTOM`, and `BANNER_LOGIN` configuration settings via the `/admin/constance/config/` endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically on the login page in the case of `BANNER_LOGIN`) but it was reported that an admin user can make use of these settings to inject arbitrary HTML, potentially exposing Nautobot users to security issues such as cross-site scripting (stored XSS). The vulnerability is fixed in Nautobot 1.6.22 and 2.2.4.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Aug 2025 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Networktocode
Networktocode nautobot |
|
CPEs | cpe:2.3:a:networktocode:nautobot:*:*:*:*:*:*:*:* | |
Vendors & Products |
Networktocode
Networktocode nautobot |

Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2024-08-02T02:59:22.584Z
Reserved: 2024-05-07T13:53:00.133Z
Link: CVE-2024-34707

Updated: 2024-08-02T02:59:22.584Z

Status : Analyzed
Published: 2024-05-14T15:39:30.633
Modified: 2025-08-26T16:16:00.280
Link: CVE-2024-34707

No data.

No data.