CVE-2024-47226

Exploit

EPSS 0.14%
Veröffentlicht 22.09.2024 02:15:02
Zuletzt bearbeitet 30.06.2025 14:50:07
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the "Configuration History" feature of the "Admin" panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the "Top banner" field. NOTE: Multiple third parties have disputed this as not a vulnerability. It is argued that the configuration revision banner feature is meant to contain unsanitized HTML in order to display notifications to users. Since these fields are intended to display unsanitized HTML, this is working as intended.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netbox ≫ Netbox Version4.1.0 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.342

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.4	2.3	2.7	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://github.com/netbox-community/netbox/releases/tag/v4.1.0

Release Notes

https://github.com/tu3n4nh/netbox/issues/1

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2024-47226

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-47226

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-47226

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-47226