CVE-2024-40736

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 9, 2024
Updated: Jul 11, 2024
CWE ID 79

Summary

CVE-2024-40736 is a newly identified cross-site scripting (XSS) vulnerability affecting netbox v4.0.3. This issue enables attackers to inject arbitrary web scripts or HTML code into the Name parameter of the /dcim/power-outlets/add endpoint. Successful exploitation of this vulnerability could lead to unintended execution of malicious code on a victim's browser, potentially compromising sensitive data or taking control of user sessions. To mitigate this risk, users are advised to upgrade to a patched version of netbox as soon as possible.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share