Key Information

Vulnerability ID: CVE-2024-56917
Vulnerability Type: Stored Cross-Site Scripting (XSS)
Affected Versions: NetBox Community Edition 4.1.7 through 4.2.1

Vulnerability Description

NetBox Community Edition versions 4.1.7 through 4.2.1 are affected by a stored cross-site scripting (XSS) vulnerability in the maintenance banner. The banner text is stored with the application configuration and is displayed on every internal page that shows maintenance warnings while maintenance mode is enabled, so script placed in the banner runs in the browser of every authenticated user who loads one of those pages.

Attack Vector

An authenticated attacker who can create configuration revisions edits the maintenance banner through the configuration history endpoint, inserts malicious JavaScript, and places the application in "maintenance mode". From that point on, all internal endpoints that render the maintenance banner warning deliver the payload to every authenticated user, so a single write to the banner turns into XSS across the whole application.

Reproduction Steps

1. Navigate to the configuration history (configuration revision) form.
2. Paste a JavaScript payload (for example, one that calls prompt()) into the maintenance banner field.
3. Check the "Maintenance Mode" checkbox.
4. Click "Create".

Every endpoint that supports maintenance warnings now renders the banner and triggers the injected prompt.

Until an unaffected version is deployed, restrict the permission to create configuration revisions to trusted administrators and review existing revisions for markup in the maintenance banner before enabling maintenance mode.

Affected Product Codebase: NetBox Community Edition 4.1.7 through 4.2.1
Affected Component: the maintenance banner as rendered by the components that display maintenance warnings when in maintenance mode

Reference Links

GitHub Release
CVE Record
YouTube Video
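The rendering behaviour described above, as an added example that is not NetBox's own code: a vulnerable banner renderer that interpolates the stored value verbatim beside a hardened one that escapes it, plus an audit check an operator can run over exported configuration revisions before enabling maintenance mode. The banner strings and revision records are constructed for illustration, and the keys BANNER_MAINTENANCE and MAINTENANCE_MODE are an assumption about how the banner and mode are stored in a revision.

```python
import html
import re

# Constructed sample values (not taken from the advisory or from NetBox).
BENIGN_BANNER = "Scheduled maintenance Saturday 02:00-04:00 UTC"
HOSTILE_BANNER = "<script>prompt(document.domain)</script>"

# Heuristics for markup in a field that should only ever hold plain text.
# False positives are acceptable here: the banner is operator-controlled
# text, so any markup at all deserves a look.
_TAG_RE = re.compile(r"<\s*/?\s*[a-zA-Z][^>]*>")
_EVENT_HANDLER_RE = re.compile(r"\bon[a-z]+\s*=", re.IGNORECASE)
_JS_URL_RE = re.compile(r"javascript\s*:", re.IGNORECASE)


def banner_findings(banner: str) -> list[str]:
    """Return the reasons a banner value looks like injected markup."""
    findings = []
    if _TAG_RE.search(banner):
        findings.append("html tag")
    if _EVENT_HANDLER_RE.search(banner):
        findings.append("event handler attribute")
    if _JS_URL_RE.search(banner):
        findings.append("javascript: url")
    return findings


def render_banner_unsafe(banner: str, maintenance_mode: bool) -> str:
    """Vulnerable pattern: the stored banner is interpolated verbatim into HTML.

    Whoever can write the banner can therefore write script into every page
    that shows the maintenance warning.
    """
    if not maintenance_mode:
        return ""
    return f'<div class="alert alert-warning">{banner}</div>'


def render_banner_safe(banner: str, maintenance_mode: bool) -> str:
    """Hardened pattern: escape the banner so it is shown as text, not parsed."""
    if not maintenance_mode:
        return ""
    return f'<div class="alert alert-warning">{html.escape(banner)}</div>'


def audit_config_revisions(revisions: list[dict]) -> list[tuple[int, bool, list[str]]]:
    """Flag revisions whose banner contains markup.

    Each revision is a dict with an "id" and a "data" mapping. The keys
    BANNER_MAINTENANCE and MAINTENANCE_MODE inside "data" are an assumption
    about how the banner and mode are stored; adjust them to the real export.
    Returns (revision id, maintenance mode active, findings) for each hit.
    """
    hits = []
    for rev in revisions:
        data = rev.get("data", {})
        banner = data.get("BANNER_MAINTENANCE") or ""
        findings = banner_findings(banner)
        if findings:
            hits.append((rev["id"], bool(data.get("MAINTENANCE_MODE")), findings))
    return hits


# Constructed revisions, shaped like a configuration-history export.
SAMPLE_REVISIONS = [
    {"id": 1, "data": {"BANNER_MAINTENANCE": BENIGN_BANNER, "MAINTENANCE_MODE": True}},
    {"id": 2, "data": {"BANNER_MAINTENANCE": HOSTILE_BANNER, "MAINTENANCE_MODE": True}},
    {"id": 3, "data": {"BANNER_MAINTENANCE": '<img src=x onerror="prompt(1)">',
                       "MAINTENANCE_MODE": False}},
]

if __name__ == "__main__":
    print("unsafe:", render_banner_unsafe(HOSTILE_BANNER, True))
    print("safe:  ", render_banner_safe(HOSTILE_BANNER, True))
    for rev_id, active, findings in audit_config_revisions(SAMPLE_REVISIONS):
        print(f"revision {rev_id}: maintenance_mode={active} findings={findings}")
```

Revision 3 is reported even though maintenance mode is off in that record: a hostile banner sitting in an inactive revision still becomes live the moment someone enables maintenance mode, so the audit should flag stored markup regardless of the current mode.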