Description

In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a Configuration History version or attempts to Add a new version, the XSS payload will trigger.

INFO

Published Date :

2025-06-24T00:00:00.000Z

Last Modified :

2025-06-24T19:19:26.650Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2024-56916 vulnerability.

Vendors Products
Netbox
  • Netbox
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-56916.

URL Resource
https://github.com/netbox-community/netbox/releases/tag/v4.1.7 cve-icon cve-icon
https://github.com/noxlumens/Vulnerability-Research/tree/main/CVE-2024-56916 cve-icon cve-icon
https://www.youtube.com/watch?v=GC8-PUlu2i8 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact