CVE-2023-33791

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-33791

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33791.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-33791

Published

2023-05-24T20:15:10.543Z

Modified

2025-11-20T12:13:45.984814Z

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A stored cross-site scripting (XSS) vulnerability in the Create Provider Accounts (/circuits/provider-accounts/) function of Netbox v3.5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field.

References

https://github.com/anhdq201/netbox/issues/4

Affected packages

Git / github.com/netbox-community/netbox

Affected ranges

Type: GIT
Repo: https://github.com/netbox-community/netbox
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

5f184f2435aad502a1f8f02f96c0dee7cc546651

Affected versions

1.*

1.0.0

1.6.1

v1.*

v1.0.3

v1.0.3-r1

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.7-r1

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.4.1

v1.4.2

v1.5.0

v1.5.1

v1.5.2

v1.6.0

v1.6.1-r1

v1.6.2-r1

v1.6.3

v1.7.0

v1.7.1

v1.7.2-r1

v1.7.3

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.8.4

v1.9.0-r1

v1.9.1

v1.9.2

v1.9.3

v1.9.4-r1

v1.9.5

v1.9.6

v2.*

v2.0-beta1

v2.0-beta2

v2.0-beta3

v2.0.0

v2.0.1

v2.0.10

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.10-beta1

v2.10-beta2

v2.10.0

v2.10.1

v2.10.10

v2.10.2

v2.10.3

v2.10.4

v2.10.5

v2.10.6

v2.10.7

v2.10.8

v2.10.9

v2.11-beta1

v2.11.0

v2.11.1

v2.11.10

v2.11.11

v2.11.12

v2.11.2

v2.11.3

v2.11.4

v2.11.5

v2.11.6

v2.11.7

v2.11.8

v2.11.9

v2.2.0

v2.2.1

v2.2.10

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.4-beta1

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.9

v2.5-beta1

v2.5-beta2

v2.5.0

v2.5.1

v2.5.10

v2.5.11

v2.5.12

v2.5.13

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.5.8

v2.5.9

v2.6-beta1

v2.6.0

v2.6.1

v2.6.10

v2.6.11

v2.6.12

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.7-beta1

v2.7.0

v2.7.1

v2.7.10

v2.7.11

v2.7.12

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v2.9-beta1

v2.9-beta2

v2.9.0

v2.9.1

v2.9.10

v2.9.11

v2.9.2

v2.9.3

v2.9.4

v2.9.5

v2.9.6

v2.9.7

v2.9.8

v2.9.9

v3.*

v3.0-beta1

v3.0-beta2

v3.0.0

v3.0.1

v3.0.10

v3.0.11

v3.0.12

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.0.9

v3.1-beta1

v3.1.0

v3.1.1

v3.1.10

v3.1.11

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.2-beta1

v3.2-beta2

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

v3.2.9

v3.3-beta1

v3.3-beta2

v3.3.0

v3.3.1

v3.3.10

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4-beta1

v3.4.0

v3.4.1

v3.4.10

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.4.7

v3.4.8

v3.4.9

v3.5-beta1

v3.5-beta2

v3.5.0

v3.5.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-33791.json"