CVE-2019-25011

2020-12-3120:15:12

Google

osv.dev

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.8%

JSON

NetBox through 2.6.2 allows an Authenticated User to conduct an XSS attack against an admin via a GFM-rendered field, as demonstrated by /dcim/sites/add/ comments.

CPENameOperatorVersion
netboxeq2.5.5
netboxeq2.0-beta1
netboxeq1.8.0
netboxeq1.9.1
netboxeq2.0.1
netboxeq1.4.0
netboxeq2.2.5
netboxeq1.8.2
netboxeq2.0.10
netboxeq2.5.13