CVE-2024-40739

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jul 9, 2024
Updated: Jul 11, 2024
CWE ID 79

Summary

CVE-2024-40739 is a newly disclosed cross-site scripting (XSS) vulnerability affecting netbox v4.0.3. An attacker can exploit this flaw by injecting a malicious payload into the Name parameter when adding power feeds through the /dcim/power-feeds/add endpoint. Successful exploitation allows the attacker to execute arbitrary web scripts or HTML code in the victim's browser, potentially leading to session hijacking, data theft, or other forms of unauthorized access. It is crucial for netbox users to update to the latest version to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share