noxlumens/Vulnerability-Research

Releases0

Stars1

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2024-56915 ↗	Jun 26, 2025Thursday, 26 June 2025, 15:15	6.5 MEDIUM	—
Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget.
CVE-2024-56917 ↗	Jun 24, 2025Tuesday, 24 June 2025, 20:15	7.1 HIGH	—
Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode.
CVE-2024-56916 ↗	Jun 24, 2025Tuesday, 24 June 2025, 18:15	6.1 MEDIUM	—
In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field. Once a victim edits a Configuration History version or attempts to Add a new version, the XSS payload will trigger.
CVE-2024-56918 ↗	Jun 24, 2025Tuesday, 24 June 2025, 17:15	6.1 MEDIUM	—
In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form.