CVE-2024-47226 Information

Description

A stored cross-site scripting (XSS) vulnerability exists in NetBox 4.1.0 within the \Configuration History\ feature of the \Admin\ panel via a /core/config-revisions/ Add action. An authenticated user can inject arbitrary JavaScript or HTML into the \Top banner\ field.

Reference

https://github.com/tu3n4nh/netbox/issues/1 https://github.com/netbox-community/netbox/releases/tag/v4.1.0