CVE-2023-36234

Name of the Vulnerable Software and Affected Versions Netbox version 3.5.1

Description The issue allows attackers to execute arbitrary code via the Name field in the device-roles/add function, which is a Cross Site Scripting (XSS) vulnerability. This enables attackers to inject malicious scripts into the website, potentially leading to unauthorized access or control.

Recommendations For Netbox version 3.5.1, update to a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to the device-roles/add function to minimize the risk of exploitation. Avoid using the Name field in the device-roles/add function until the issue is resolved.