PT-2025-26975 · Unknown · Netbox Community
Published
2024-11-21
·
Updated
2025-06-30
·
CVE-2024-56915
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
Netbox Community versions 4.1.7 through 4.2.1
Description:
The issue is related to Cross Site Scripting (XSS) via the RSS feed widget. This allows for potential malicious script execution.
Recommendations:
For Netbox Community version 4.1.7, update to version 4.2.2 to resolve the issue.
As a temporary workaround, consider disabling the RSS feed widget until a patch is available.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netbox Community