Security Advisory

CVE-2024-56916

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-24 00:00:00

Last updated 2025-06-24 19:19:26

Assigner mitre

State PUBLISHED

Description

In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a Configuration History version or attempts to Add a new version, the XSS payload will trigger.

← Browse all CVEs View on cve.org ↗