CVE-2024-0948 | NetBox up to 3.7.0 Home Page Configuration /core/config-revisions cross site scripting

A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <<h1 onload=alert(1)>>test</h1> leads to cross site scripting.

The identification of this vulnerability is CVE-2024-0948. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-0948 | NetBox up to 3.7.0 Home Page Configuration /core/config-revisions cross site scripting

Related Posts

CVE-2024-45107 | Adobe Acrobat Reader prior 20.005.30655/24.001.30159/24.002.21005 use after free (apsb24-57)

CVE-2024-2334 | Template Kit Plugin up to 1.0.14 on WordPress Template Upload cross site scripting

CVE-2024-2436 | Lightweight Accordion Plugin up to 1.5.16 on WordPress Shortcode cross site scripting

CVE-2023-50265 | morpheus65535 bazarr up to 1.3.0 /api/swaggerui/static send_file filename path traversal (GHSL-2023-192)