CVE-2024-0948 | NetBox up to 3.7.0 Home Page Configuration /core/config-revisions cross site scripting

A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <<h1 onload=alert(1)>>test</h1> leads to cross site scripting.

The identification of this vulnerability is CVE-2024-0948. The attack may be initiated remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-0948 | NetBox up to 3.7.0 Home Page Configuration /core/config-revisions cross site scripting

Related Posts

CVE-2024-41167 | Intel Server Board M10JNP2SB Family UEFI Firmware input validation (intel-sa-01175)

CVE-2024-1268 | CodeAstro Restaurant POS System 1.0 update_product.php unrestricted upload

CVE-2024-25079 | Insyde InsydeH2O HddPassword memory corruption

CVE-2024-46780 | Linux Kernel up to 6.10.9 nilfs2 null pointer dereference