Veracode Vulnerability Database: VERACODE:45142
History: Jan 24, 2024 - 6:02 a.m.

Cross-site Scripting (XSS)

2024-01-24 06:02:11
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
cross-site scripting
nautobot
vulnerability
markdown
script
software

CVSS3: 7.1 High

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L

AI Score: 6.4 Medium (Confidence: High)

EPSS: 0.001 Low (Percentile: 32.4%)

nautobot is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied markdown within the render_markdown function. This allows an attacker to embed malicious scripts in markdown content, resulting in XSS.
