CVE-2025-57543

{"id": "CVE-2025-57543", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2026-03-16T16:16:13.030", "references": [{"url": "https://gist.github.com/MerttTuran/d94acff59816bfd9492d1a738e89ebb4", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://gist.github.com/MerttTuran/d94acff59816bfd9492d1a738e89ebb4", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 \"comment\" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts."}, {"lang": "es", "value": "Vulnerabilidad de scripting entre sitios (XSS) en NetBox 4.3.5 en el campo 'comment' de los formularios de objetos. Un atacante puede inyectar HTML arbitrario, que se renderizar\u00e1 en la interfaz de usuario web cuando sea visto por otros usuarios. Esto podr\u00eda llevar potencialmente a ataques de manipulaci\u00f3n de la interfaz de usuario o ser escalado a XSS en ciertos contextos."}], "lastModified": "2026-03-20T13:56:20.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netbox:netbox:4.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0938F464-63D4-4601-8C2F-8F69E7CED8C9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}