CVE-2024-40726

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-40726

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40726.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-40726

Published

2024-07-09T18:15:11.110Z

Modified

2026-03-14T12:35:07.728702Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at /dcim/power-ports/{id}/edit/.

References

https://github.com/minhquan202/Vuln-Netbox

Affected packages

Git / github.com/netbox-community/netbox

Affected ranges

Type

GIT

Repo

https://github.com/netbox-community/netbox

Events

Introduced

Last affected

3f345cdbee016243ab5162456ea5415472a2f2df

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "4.0.3"
        }
    ]
}

Affected versions

1.*

1.0.0

1.6.1

v1.*

v1.0.3

v1.0.3-r1

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.7-r1

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.4.1

v1.4.2

v1.5.0

v1.5.1

v1.5.2

v1.6.0

v1.6.1-r1

v1.6.2-r1

v1.6.3

v1.7.0

v1.7.1

v1.7.2-r1

v1.7.3

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.8.4

v1.9.0-r1

v1.9.1

v1.9.2

v1.9.3

v1.9.4-r1

v1.9.5

v1.9.6

v2.*

v2.0-beta1

v2.0-beta2

v2.0-beta3

v2.0.0

v2.0.1

v2.0.10

v2.0.2

v2.0.3

v2.0.4

v2.0.5

v2.0.6

v2.0.7

v2.0.8

v2.0.9

v2.1.0

v2.1.1

v2.1.2

v2.1.3

v2.1.4

v2.1.5

v2.1.6

v2.10-beta1

v2.10-beta2

v2.10.0

v2.10.1

v2.10.10

v2.10.2

v2.10.3

v2.10.4

v2.10.5

v2.10.6

v2.10.7

v2.10.8

v2.10.9

v2.11-beta1

v2.11.0

v2.11.1

v2.11.10

v2.11.11

v2.11.12

v2.11.2

v2.11.3

v2.11.4

v2.11.5

v2.11.6

v2.11.7

v2.11.8

v2.11.9

v2.2.0

v2.2.1

v2.2.10

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6

v2.2.7

v2.2.8

v2.2.9

v2.3.0

v2.3.1

v2.3.2

v2.3.3

v2.3.4

v2.3.5

v2.3.6

v2.3.7

v2.4-beta1

v2.4.0

v2.4.1

v2.4.2

v2.4.3

v2.4.4

v2.4.5

v2.4.6

v2.4.7

v2.4.8

v2.4.9

v2.5-beta1

v2.5-beta2

v2.5.0

v2.5.1

v2.5.10

v2.5.11

v2.5.12

v2.5.13

v2.5.2

v2.5.3

v2.5.4

v2.5.5

v2.5.6

v2.5.7

v2.5.8

v2.5.9

v2.6-beta1

v2.6.0

v2.6.1

v2.6.10

v2.6.11

v2.6.12

v2.6.2

v2.6.3

v2.6.4

v2.6.5

v2.6.6

v2.6.7

v2.6.8

v2.6.9

v2.7-beta1

v2.7.0

v2.7.1

v2.7.10

v2.7.11

v2.7.12

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v2.9-beta1

v2.9-beta2

v2.9.0

v2.9.1

v2.9.10

v2.9.11

v2.9.2

v2.9.3

v2.9.4

v2.9.5

v2.9.6

v2.9.7

v2.9.8

v2.9.9

v3.*

v3.0-beta1

v3.0-beta2

v3.0.0

v3.0.1

v3.0.10

v3.0.11

v3.0.12

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.0.8

v3.0.9

v3.1-beta1

v3.1.0

v3.1.1

v3.1.10

v3.1.11

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

v3.1.7

v3.1.8

v3.1.9

v3.2-beta1

v3.2-beta2

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

v3.2.9

v3.3-beta1

v3.3-beta2

v3.3.0

v3.3.1

v3.3.10

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.3.6

v3.3.7

v3.3.8

v3.3.9

v3.4-beta1

v3.4.0

v3.4.1

v3.4.10

v3.4.2

v3.4.3

v3.4.4

v3.4.5

v3.4.6

v3.4.7

v3.4.8

v3.4.9

v3.5-beta1

v3.5-beta2

v3.5.0

v3.5.1

v3.5.2

v3.5.3

v3.5.4

v3.5.5

v3.5.6

v3.5.7

v3.5.8

v3.5.9

v3.6-beta1

v3.6-beta2

v3.6.0

v3.6.1

v3.6.2

v3.6.3

v3.6.4

v3.6.5

v3.6.6

v3.6.7

v3.6.8

v3.6.9

v3.7-beta1

v3.7.0

v3.7.1

v3.7.2

v3.7.3

v3.7.4

v3.7.5

v3.7.6

v3.7.7

v3.7.8

v4.*

v4.0-beta1

v4.0-beta2

v4.0.0

v4.0.1

v4.0.2

v4.0.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40726.json"