CVE-2024-56916

{"id": "CVE-2024-56916", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-06-24T18:15:24.240", "references": [{"url": "https://github.com/netbox-community/netbox/releases/tag/v4.1.7", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://github.com/noxlumens/Vulnerability-Research/tree/main/CVE-2024-56916", "tags": ["Third Party Advisory", "Exploit"], "source": "cve@mitre.org"}, {"url": "https://www.youtube.com/watch?v=GC8-PUlu2i8", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a Configuration History version or attempts to Add a new version, the XSS payload will trigger."}, {"lang": "es", "value": "En Netbox Community 4.1.7, una vez autenticado, la opci\u00f3n \"Historial de Configuraci\u00f3n > Agregar\" es vulnerable a ataques de Cross-Site Scripting (XSS) debido a que el campo \"valor actual\" representa el HTML proporcionado por el usuario. Un atacante autenticado puede aprovechar esto para agregar JavaScript malicioso al campo \"Cualquier banner\". Al editar una versi\u00f3n del Historial de Configuraci\u00f3n o intentar agregar una nueva versi\u00f3n, se activa el payload XSS."}], "lastModified": "2025-06-30T14:43:46.500", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netbox:netbox:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4F7646D-0677-4FE5-B4B1-3F10F068A625", "versionEndIncluding": "4.2.1", "versionStartIncluding": "4.1.7"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}