CVE-2023-37625: GitHub - benjaminpsinclair/Netbox-CVE-2023-37625

A stored cross-site scripting (XSS) vulnerability in Netbox v3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates.


Netbox-CVE-2023-37625

Description

A stored cross-site scripting (XSS) vulnerability in Netbox < 3.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom Link templates.

Technical Details

A stored Cross-Site Scripting vulnerability was discovered in the custom link function of the web application. This vulnerability is a result of insufficient sanitisation of the Link URL field.

To reproduce this vulnerability, the following steps may be performed:

  1. Navigate to Custom Links under the Other tab.

  2. Create a custom link with the following Link URL value, and assign the link to a model. In this example ‘manufacturer’ has been selected:

    {{'test1"</a><script>alert(1)</script>'}}

  3. Add a new model, in this example add a ‘manufacturer’ model.

  4. Open the newly created model as any authenticated user, and observe that the alert box has executed.
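
The root cause described above, as an added example (not NetBox's code and not from this repository): the string that the Link URL template evaluates to is placed in an anchor with and without HTML escaping, and a parser check shows whether a `script` element results. The function names, the link text and the scheme allow-list (a hardening step that goes beyond the case on this page) are assumptions.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: only http(s) and relative URLs ("" scheme) are acceptable link targets.
ALLOWED_SCHEMES = {"http", "https", ""}

# Constructed input: the string the page's Link URL template evaluates to.
RENDERED_URL = 'test1"</a><script>alert(1)</script>'


def link_unescaped(text, url):
    """'Before' form: rendered template output concatenated into markup."""
    return '<a href="' + url + '">' + text + "</a>"


def link_escaped(text, url):
    """Hardened form: allow-list the scheme, then HTML-escape both values."""
    if urlsplit(url.strip()).scheme.lower() not in ALLOWED_SCHEMES:
        url = "#"  # reject any scheme outside the allow-list
    return '<a href="{}">{}</a>'.format(
        html.escape(url, quote=True), html.escape(text, quote=True)
    )


class TagCollector(HTMLParser):
    """Records every start tag and every href value a parser would see."""

    def __init__(self):
        super().__init__()
        self.tags, self.hrefs = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.hrefs += [v for k, v in attrs if k == "href"]


def parse(markup):
    """Return (start tags, href values) found in the markup."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.hrefs


if __name__ == "__main__":
    for build in (link_unescaped, link_escaped):
        print(build.__name__, parse(build("Vendor site", RENDERED_URL)))
```

The same `parse` check works as a regression test: a rendered custom link must yield exactly one `a` start tag whose `href` decodes back to the stored value.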
