Netbox Community
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-56915 | 0.00 | — | 0.00 | Jun 26, 2025 | Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget. | |||
| CVE-2024-56917 | 0.00 | — | 0.00 | Jun 24, 2025 | Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode. | |||
| CVE-2024-56916 | 0.00 | — | 0.00 | Jun 24, 2025 | In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field.… | |||
| CVE-2024-56918 | 0.00 | — | 0.00 | Jun 24, 2025 | In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form. |
- CVE-2024-56915Jun 26, 2025risk 0.00cvss —epss 0.00
Netbox Community v4.1.7 and fixed in v.4.2.2 is vulnerable to Cross Site Scripting (XSS) via the RSS feed widget.
- CVE-2024-56917Jun 24, 2025risk 0.00cvss —epss 0.00
Netbox Community 4.1.7 is vulnerable to Cross Site Scripting (XSS) via the maintenance banner` in maintenance mode.
- CVE-2024-56916Jun 24, 2025risk 0.00cvss —epss 0.00
In Netbox Community 4.1.7, once authenticated, Configuration History > Add`is vulnerable to cross-site scripting (XSS) due to the `current value` field rendering user supplied html. An authenticated attacker can leverage this to add malicious JavaScript to the any banner field.…
- CVE-2024-56918Jun 24, 2025risk 0.00cvss —epss 0.00
In Netbox Community 4.1.7, the login page is vulnerable to cross-site scripting (XSS), which allows a privileged, authenticated attacker to exfiltrate user input from the login form.