Lucene search

Veracode Vulnerability DatabaseVERACODE:46715

HistoryMay 02, 2024 - 8:48 a.m.

Reflected Cross-Site Scripting (Reflected XSS)

2024-05-0208:48:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

nautobot

vulnerability

cross-site scripting

user-provided query parameters

malicious scripts

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

nautobot is vulnerable to Reflected Cross-Site Scripting (Reflected XSS). The vulnerability is due to improper handling and escaping of user-provided query parameters, allowing a maliciously crafted Nautobot URL to potentially execute malicious scripts against users.

CPENameOperatorVersion
nautobotle2.2.2
nautobotle1.6.19
nautobotle2.2.2
nautobotle1.6.19

Name	Operator	Version
nautobot	le	2.2.2
nautobot	le	1.6.19
nautobot	le	2.2.2
nautobot	le	1.6.19

References

github.com/nautobot/nautobot/commit/2ea5797ea43646d5d8b29433e4c707b5a9758146

github.com/nautobot/nautobot/commit/42440ebd9b381534ad89d62420ebea00d703d64e

github.com/nautobot/nautobot/pull/5646

github.com/nautobot/nautobot/pull/5647

github.com/nautobot/nautobot/releases/tag/v1.6.20

github.com/nautobot/nautobot/releases/tag/v2.2.3

github.com/nautobot/nautobot/security/advisories/GHSA-jxgr-gcj5-cqqg

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:L

6.4 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

Related for VERACODE:46715