CVE-2023-34565: Stored Cross Site Scripting Vulnerability in "Create Wireless LAN Groups" function in Netbox 3.5.1 · Issue #1 · grayfullbuster0804/netbox
Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the “Create Wireless LAN Groups” function.
**Description**
An authenticated malicious user can take advantage of a stored XSS vulnerability in the “Wireless LAN” function, in the “GROUP” feature.
**Proof of Concept**
Step 1: Go to /wireless/wireless-lan-groups/, click “Add”, and insert the payload `<img src=x onerror=alert('XSS');>` in the “Name” field.
Step 2: Go to dev/wireless/wireless-lans/, select one element, click "Edit Selected", and then select “Group”.
Step 3: The script is executed.
**Impact**
If an attacker can control a script that is executed in the victim’s browser, then they can typically fully compromise that user.
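The following Python sketch is an added illustration, not NetBox code and not part of the original report. It shows the general pattern behind the steps above: a stored group name concatenated into markup versus HTML-encoded at output time, plus an audit that flags stored names which parse as markup. The function names and the sample names are assumptions; the report does not show the affected NetBox code path.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample of stored group names; the second is the report's payload.
STORED_NAMES = ["Campus-WiFi", "<img src=x onerror=alert('XSS');>", "Guest & IoT"]


def render_options_unsafe(names):
    # Vulnerable pattern: stored text is concatenated into markup verbatim.
    return "".join(f"<option>{n}</option>" for n in names)


def render_options_safe(names):
    # Hardened pattern: HTML-encode stored text at output time.
    return "".join(f"<option>{escape(n, quote=True)}</option>" for n in names)


class _TagCollector(HTMLParser):
    """Records each start tag and any on* event-handler attributes it carries."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, [k for k, _ in attrs if k.startswith("on")]))


def parsed_tags(markup):
    # Elements an HTML parser creates from the markup (approximates a browser).
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags


def audit_names(names):
    # Stored values that parse as markup; these stay in the database after a
    # code fix and should be reviewed and cleaned up.
    return [n for n in names if parsed_tags(n)]


if __name__ == "__main__":
    print("unsafe:", parsed_tags(render_options_unsafe(STORED_NAMES)))
    print("safe:  ", parsed_tags(render_options_safe(STORED_NAMES)))
    print("flagged:", audit_names(STORED_NAMES))
```
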