Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a Configuration History version or attempts to Add a new version, the XSS payload will trigger.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Netbox 安全漏洞
Vulnerability Description
NetBox是NetBox社区的一款基于Django、PostgreSql 用于IP地址管理(IPAM)和数据中心基础结构管理(DCIM)的工具。 Netbox Community 4.1.7版本存在安全漏洞,该漏洞源于Configuration History中current value字段未过滤用户输入,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A