CVE-2024-40726
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Jul 9, 2024
Updated: Jul 11, 2024
CWE ID 94
CWE ID 79
Summary
CVE-2024-40726 is a newly disclosed cross-site scripting (XSS) vulnerability affecting netbox v4.0.3. Successful exploitation allows attackers to inject and execute arbitrary web scripts or HTML code by crafting a malicious payload and targeting the Name parameter in the /dcim/power-ports/{id}/edit/ endpoint. This can lead to unintended actions, data theft, or even complete takeover of vulnerable installations. Users are urged to update their netbox installations as soon as possible to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share