Netbox | CVE-2024-0948

The NetBox version 3.7.0 has been identified with a cross-site scripting (XSS) vulnerability, assigned CVE-2024-0948. This vulnerability allows remote attackers to inject malicious scripts into web pages viewed by other users. Exploiting this flaw could lead to various attacks, including session hijacking, sensitive data theft, and website defacement. Users of NetBox version 3.7.0 are advised to upgrade to a patched version or apply mitigations to prevent exploitation of this vulnerability.

Discovered by Hazard Lab