CVE-2024-40732

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 9, 2024

Updated: Jul 11, 2024

CWE ID 79

Summary

The vulnerability with the CVE ID CVE-2024-40732 is a cross-site scripting (XSS) vulnerability found in netbox v4.0.3. Attackers can exploit this vulnerability by injecting a crafted payload into the Name parameter at /dcim/rear-ports/add/, which allows them to execute arbitrary web scripts or HTML. The affected product is netbox v4.0.3. To remediate this vulnerability, it is recommended to update to a patched version of netbox or apply any available security patches provided by the vendor. This vulnerability poses a medium level danger to organizations, as it can lead to unauthorized execution of malicious scripts or HTML code, potentially compromising the confidentiality and integrity of data accessed through netbox.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Advisories, Assessments, and Mitigations

Back to Vulnerability Database