CVE-2024-40735

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 9, 2024

Updated: Jul 11, 2024

CWE ID 94

CWE ID 79

Summary

CVE-2024-40735 is a newly identified cross-site scripting (XSS) vulnerability affecting netbox version 4.0.3. Malicious actors can exploit this flaw by injecting arbitrary web scripts or HTML into the Name parameter of the /dcim/power-outlets/{id}/edit/ endpoint. Successful exploitation could lead to the execution of malicious code in the user's browser, potentially resulting in data theft, unauthorized account access, or other undesirable outcomes. Users are advised to upgrade to a patched version of netbox as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/w6YJwg
https://www.cve.org/CVERecord?id=CVE-2024-40735
https://nvd.nist.gov/vuln/detail/CVE-2024-40735

Back to Vulnerability Database

CVE-2024-40735

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations