Primary

Context

NetBox Community Cross-Site Scripting Vulnerability in Login Page

Vulnerability

Patched

A cross-site scripting (XSS) vulnerability has been identified in the login page of NetBox Community version 4.1.7. This issue allows a privileged, authenticated attacker to exfiltrate user input from the login form.

Impact

Exploitation of this vulnerability allows for cross-site scripting, where an attacker can inject malicious scripts that are executed in the context of the user's browser.

Reproduction

To reproduce this vulnerability, log into a NetBox Community 4.1.7 instance as a privileged user. Navigate to the login page and inject a script into the login form. Once the script is submitted, it will be executed, demonstrating the cross-site scripting vulnerability.

Added: Jun 24, 2025, 5:25 PM

Updated: Jun 24, 2025, 5:25 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

6.6

remediation

7.7

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

6.6

remediation

7.7

relevance

0.2

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

NetBox Community Cross-Site Scripting Vulnerability in Login Page

Vulnerability

Impact

Reproduction

Affected Products

Netbox Community

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating