CNNVD-202506-3107 Information

CNNVD ID

CNNVD-202506-3107

CVE-2024-56916

  • CNNVD Published: 2025-06-24

Description (Chinese)

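NetBox is a tool from the NetBox community, built on Django and PostgreSQL, for IP address management (IPAM) and data center infrastructure management (DCIM). NetBox Community version 4.1.7 contains a security vulnerability caused by the current value field in Configuration History not filtering user input, which may lead to a stored cross-site scripting attack.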

Description (English)

NetBox is a tool from the NetBox community, based on Django and PostgreSQL, for IP address management (IPAM) and data centre infrastructure management (DCIM). NetBox Community version 4.1.7 contains a vulnerability that stems from unfiltered user input in the current value field of Configuration History, which may result in a stored cross-site scripting (XSS) attack.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

NetBox

Published

2025-06-24

Last Modified

2026-02-24

References

https://github.com/netbox-community/netbox/releases/tag/v4.1.7
https://github.com/noxlumens/Vulnerability-Research/tree/main/CVE-2024-56916
https://www.youtube.com/watch?v=GC8-PUlu2i8

Patch

https://github.com/netbox-community/netbox/releases
