CVE-2024-40726

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 9, 2024
Updated: Jul 11, 2024
CWE ID 94
CWE ID 79

Summary

CVE-2024-40726 is a newly disclosed cross-site scripting (XSS) vulnerability affecting netbox v4.0.3. Successful exploitation allows attackers to inject and execute arbitrary web scripts or HTML code by crafting a malicious payload and targeting the Name parameter in the /dcim/power-ports/{id}/edit/ endpoint. This can lead to unintended actions, data theft, or even complete takeover of vulnerable installations. Users are urged to update their netbox installations as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share