A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field.
Metrics
Affected Vendors & Products
References
History
Mon, 23 Sep 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Lenel
Lenel netbox |
|
Weaknesses | CWE-79 | |
CPEs | cpe:2.3:a:lenel:netbox:*:*:*:*:*:*:*:* | |
Vendors & Products |
Lenel
Lenel netbox |
|
Metrics |
cvssV3_1
|
Sun, 22 Sep 2024 02:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-09-22T00:00:00
Updated: 2024-09-23T14:58:22.167Z
Reserved: 2024-09-22T00:00:00
Link: CVE-2024-47226
Vulnrichment
Updated: 2024-09-23T14:58:04.686Z
NVD
Status : Awaiting Analysis
Published: 2024-09-22T02:15:02.797
Modified: 2024-09-26T13:32:55.343
Link: CVE-2024-47226
Redhat
No data.