CVE-2024-40742

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-40742
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40742.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-40742
Published
2024-07-09T18:15:12.430Z
Modified
2025-11-20T12:28:09.749611Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A cross-site scripting (XSS) vulnerability in netbox v4.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at /circuits/circuits/add.

References

Affected packages

Git / github.com/netbox-community/netbox

Affected ranges

Type
GIT
Repo
https://github.com/netbox-community/netbox
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3f345cdbee016243ab5162456ea5415472a2f2df

Affected versions

1.*
1.0.0
1.6.1
v1.*
v1.0.3
v1.0.3-r1
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.7-r1
v1.1.0
v1.2.0
v1.2.1
v1.2.2
v1.3.0
v1.3.1
v1.3.2
v1.4.0
v1.4.1
v1.4.2
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1-r1
v1.6.2-r1
v1.6.3
v1.7.0
v1.7.1
v1.7.2-r1
v1.7.3
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.9.0-r1
v1.9.1
v1.9.2
v1.9.3
v1.9.4-r1
v1.9.5
v1.9.6
v2.*
v2.0-beta1
v2.0-beta2
v2.0-beta3
v2.0.0
v2.0.1
v2.0.10
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.10-beta1
v2.10-beta2
v2.10.0
v2.10.1
v2.10.10
v2.10.2
v2.10.3
v2.10.4
v2.10.5
v2.10.6
v2.10.7
v2.10.8
v2.10.9
v2.11-beta1
v2.11.0
v2.11.1
v2.11.10
v2.11.11
v2.11.12
v2.11.2
v2.11.3
v2.11.4
v2.11.5
v2.11.6
v2.11.7
v2.11.8
v2.11.9
v2.2.0
v2.2.1
v2.2.10
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8
v2.2.9
v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.4-beta1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.5-beta1
v2.5-beta2
v2.5.0
v2.5.1
v2.5.10
v2.5.11
v2.5.12
v2.5.13
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.6-beta1
v2.6.0
v2.6.1
v2.6.10
v2.6.11
v2.6.12
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9
v2.7-beta1
v2.7.0
v2.7.1
v2.7.10
v2.7.11
v2.7.12
v2.7.2
v2.7.3
v2.7.4
v2.7.5
v2.7.6
v2.7.7
v2.7.8
v2.7.9
v2.8.0
v2.8.1
v2.8.2
v2.8.3
v2.8.4
v2.8.5
v2.8.6
v2.8.7
v2.8.8
v2.8.9
v2.9-beta1
v2.9-beta2
v2.9.0
v2.9.1
v2.9.10
v2.9.11
v2.9.2
v2.9.3
v2.9.4
v2.9.5
v2.9.6
v2.9.7
v2.9.8
v2.9.9
v3.*
v3.0-beta1
v3.0-beta2
v3.0.0
v3.0.1
v3.0.10
v3.0.11
v3.0.12
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1-beta1
v3.1.0
v3.1.1
v3.1.10
v3.1.11
v3.1.2
v3.1.3
v3.1.4
v3.1.5
v3.1.6
v3.1.7
v3.1.8
v3.1.9
v3.2-beta1
v3.2-beta2
v3.2.0
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.2.5
v3.2.6
v3.2.7
v3.2.8
v3.2.9
v3.3-beta1
v3.3-beta2
v3.3.0
v3.3.1
v3.3.10
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.4-beta1
v3.4.0
v3.4.1
v3.4.10
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.7
v3.4.8
v3.4.9
v3.5-beta1
v3.5-beta2
v3.5.0
v3.5.1
v3.5.2
v3.5.3
v3.5.4
v3.5.5
v3.5.6
v3.5.7
v3.5.8
v3.5.9
v3.6-beta1
v3.6-beta2
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.6.6
v3.6.7
v3.6.8
v3.6.9
v3.7-beta1
v3.7.0
v3.7.1
v3.7.2
v3.7.3
v3.7.4
v3.7.5
v3.7.6
v3.7.7
v3.7.8
v4.*
v4.0-beta1
v4.0-beta2
v4.0.0
v4.0.1
v4.0.2
v4.0.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40742.json"