CVE-2024-0948

Name of the Vulnerable Software and Affected Versions NetBox versions up to 3.7.0

Description A problematic issue has been found in the processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <h1 onload=alert(1)>test</h1> leads to cross site scripting. The attack may be initiated remotely. The real existence of this vulnerability is still doubted at the moment.

Recommendations For versions up to 3.7.0, as a temporary workaround, consider restricting access to the /core/config-revisions file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.