CVE-2024-47226

Summary

CVE-2024-47226 is a stored cross-site scripting (XSS) vulnerability found in NetBox version 4.1.0, specifically within the "Configuration History" feature of the Admin panel. The vulnerability allows an authenticated user to inject arbitrary JavaScript or HTML into the "Top banner" field via the /core/config-revisions/ Add action. Organizations using this version may face potential security risks, including unauthorized execution of scripts, leading to possible data exposure or manipulation, although the overall impact is rated as medium with low confidentiality and integrity impact. To remediate this issue, users should update to a patched version of NetBox as indicated in the official release notes. The exploitability score for this vulnerability is low, indicating that while it requires user interaction and low privileges, it remains a concern for network security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.