CVE-2024-40736

A cross-site scripting XSS vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-outlets/add...

NetBox 安全漏洞

NetBox is a Django, PostgreSql based tool for IP Address Management IPAM and Data Center Infrastructure Management DCIM from the NetBox community. A cross-site scripting vulnerability exists in NetBox v4.0.3, which stems from the lack of effective filtering and escaping of user-supplied data in t...

CVE-2024-40736

NetBox v4.0.3 is affected by an XSS vulnerability in the /dcim/power-outlets/add endpoint where user-supplied data in the Name parameter can be used to inject arbitrary HTML/JS. The root cause is insufficient filtering/escaping of input in that field, enabling attacker-controlled payloads to exec...

PT-2024-29014 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at "/dcim/power-outlets/add" endpoint. Recommendations: For...