CNNVD-202602-344 Information
CNNVD ID
CNNVD-202602-344
Related CVE
- CNNVD Published: 2026-02-03
Description
NetBox is a Django- and PostgreSQL-based tool from the NetBox community for IP address management (IPAM) and data centre infrastructure management (DCIM). NetBox versions 2.11.0 through 3.7.x contain a security vulnerability. It stems from the ProtectedError handling logic, where object names are included in an HTML error message without being properly escaped. This may lead to a reflected cross-site scripting attack, resulting in arbitrary client-side code executing in the context of a privileged user.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
NetBox
Published
2026-02-03
Last Modified
2026-02-24
References
https://github.com/netbox-community/netbox
Patch
https://github.com/netbox-community/netbox/releases