PT-2025-26758 · Unknown · Netbox Community

Published 2024-11-21 · Updated 2025-06-30 · CVE-2024-56918

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Netbox Community version 4.1.7
Description: The login page in Netbox Community is vulnerable to cross-site scripting (XSS), allowing a privileged, authenticated attacker to exfiltrate user input from the login form. This issue enables the attacker to potentially steal sensitive information.
Recommendations: For Netbox Community version 4.1.7, as a temporary workaround, consider disabling the login page or restricting access to it until a patch is available. Additionally, restrict the use of the login form to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

LPE

XSS

Weakness Enumeration

Related Identifiers

BDU:2026-00293
CVE-2024-56918

Affected Products

Netbox Community