Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2024-0948— NetBox Home Page Configuration config-revisions cross site scripting

CVSS 2.4 · Low EPSS 0.13% · P32
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2024-0948

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
NetBox Home Page Configuration config-revisions cross site scripting
Source: NVD (National Vulnerability Database)
Vulnerability Description
** DISPUTED ** A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <<h1 onload=alert(1)>>test</h1> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-252191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
NetBox 跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
NetBox是NetBox社区的一款基于Django、PostgreSql 用于IP地址管理(IPAM)和数据中心基础结构管理(DCIM)的工具。 NetBox 3.7.0 及之前版本存在跨站脚本漏洞,该漏洞源于组件Home Page Configuration中的 /core/config-revisions 包含一些未知处理,通过特殊输入导致跨站脚本编写。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-NetBox 3.0 -

II. Public POCs for CVE-2024-0948

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2024-0948

登录查看更多情报信息。

Same Patch Batch · n/a · 2024-01-26 · 21 CVEs total

CVE-2024-09457.3 HIGH60IndexPage Parameter file.php server-side request forgery
CVE-2024-09467.3 HIGH60IndexPage Parameter index.php server-side request forgery
CVE-2024-09415.5 MEDIUMNovel-Plus list sql injection
CVE-2024-22551Usha InformatiqueC WhatACart 跨站脚本漏洞
CVE-2024-22550ShopSite 安全漏洞
CVE-2022-48622gdk-pixbuf 安全漏洞
CVE-2024-22545TRENDnet TEW-824DRU 安全漏洞
CVE-2023-48133Line 安全漏洞
CVE-2023-48130Line 安全漏洞
CVE-2023-48129Line 安全漏洞
CVE-2023-48128Line 安全漏洞
CVE-2023-48126Line 安全漏洞
CVE-2023-48135Line 安全漏洞
CVE-2023-48132Line 安全漏洞
CVE-2023-48131Line 安全漏洞
CVE-2023-48127Line 安全漏洞
CVE-2023-38323openNDS 安全漏洞
CVE-2023-38319OpenNDS 安全漏洞
CVE-2023-38318OpenNDS 安全漏洞
CVE-2023-38317openNDS 安全漏洞

IV. Related Vulnerabilities

Same product: NetBox
Same vendor: n/a
Same weakness: CWE-79

V. Comments for CVE-2024-0948

No comments yet

Leave a comment