CVE-2023-48705

Summary

CVE-2023-48705 is a cross-site scripting vulnerability that affects users of Nautobot versions earlier than 1.6.6 or 2.0.5, which is a Network Source of Truth and Network Automation Platform. This vulnerability arises due to incorrect usage of Django's `mark_safe()` API when rendering certain types of user-authored content, potentially allowing users with permission to create or edit this content to craft malicious payloads that could be executed when rendering pages containing this content. The maintainers have fixed this issue by replacing the incorrect uses of `mark_safe()` with appropriate use of `format_html()`. It is recommended for Nautobot 1.6.x users to upgrade to version 1.6.6 and Nautobot 2.0.x users to upgrade to version 2.0.5. This vulnerability poses a medium risk with low privileges required and user interaction required, potentially impacting confidentiality and integrity of data but not availability. Note: This summary includes facts from the given text but does not include the information about affected products due to space limitations in the paragraph report format provided.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.