Primary

Context

NetBox Community Cross-Site Scripting Vulnerability in RSS Feed Widget

Vulnerability

Patched

A cross-site scripting (XSS) vulnerability has been identified in NetBox Community version 4.1.7, specifically within the RSS feed widget. This issue has been addressed in version 4.2.2.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

The vulnerability can be reproduced by adding an RSS feed widget in NetBox Community version 4.1.7. Malicious scripts can be injected into the widget, which will then be executed, demonstrating the cross-site scripting flaw.

Remediation

Users can upgrade to NetBox Community version 4.2.2 to address this vulnerability.

Added: Jun 26, 2025, 3:39 PM

Updated: Jun 26, 2025, 4:24 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.7

exploitability

6.7

remediation

7.7

relevance

0.2

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

1.7

exploitability

6.7

remediation

7.7

relevance

0.2

threat

1.6

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NetBox Community Cross-Site Scripting Vulnerability in RSS Feed Widget

Vulnerability

Impact

Reproduction

Remediation

Affected Products

Netbox

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating