Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
NetBox is an open-source infrastructure resource modeling and IP address management platform. A reflected cross-site scripting (XSS) vulnerability exists in versions 2.11.0 through 3.7.x in the ProtectedError handling logic, where object names are included in HTML error messages without proper escaping. This allows user-controlled content to be rendered in the web interface when a delete operation fails due to protected relationships, potentially enabling execution of arbitrary client-side code in the context of a privileged user.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
NetBox 安全漏洞
Vulnerability Description
NetBox是NetBox社区的一款基于Django、PostgreSql 用于IP地址管理(IPAM)和数据中心基础结构管理(DCIM)的工具。 NetBox 2.11.0版本至3.7.x版本存在安全漏洞,该漏洞源于ProtectedError处理逻辑中对象名称包含在HTML错误消息中而未正确转义,可能导致反射型跨站脚本攻击,从而在特权用户环境中执行任意客户端代码。
CVSS Information
N/A
Vulnerability Type
N/A